Wireshark-commits: [Wireshark-commits] master 4413d43: rtcp: fix buffer overflow in transport-cc di
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 14 May 2018 14:45:24 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4413d43962e1aed72a285ae8fb68780bb64a11fe
Submitter: Peter Wu (peter@xxxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

4413d43 by Peter Wu (peter@xxxxxxxxxxxxx):

    rtcp: fix buffer overflow in transport-cc dissection
    
    When the packet status chunks cover more packets than advertised in the
    packet status count field, fail rather than writing past the end.
    https://tools.ietf.org/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1.2
    
    Bug: 14673
    Change-Id: If90baef3610d8f884b0772a4b81d6dcb4ebc9227
    Fixes: v2.5.0rc0-2533-ga584eab239 ("New RTCP dissector for transport-cc")
    Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6464
    Reviewed-on: https://code.wireshark.org/review/27527
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Rui Zhang <rzhang@xxxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  10306f9   Free g_array_free-related memory leaks
    adds  4413d43   rtcp: fix buffer overflow in transport-cc dissection


Summary of changes:
 epan/dissectors/packet-rtcp.c | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)
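
Added example (not part of the original commit and not Wireshark's packet-rtcp.c): a minimal C decoder for the packet status chunks the commit message refers to, checking the advertised packet status count before every write. The function and error names are hypothetical and the chunk layout is assumed from the linked draft; this sketch rejects every overrun, including surplus symbols in a final status vector chunk.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration; names are hypothetical, not from packet-rtcp.c. */
enum { TCC_TRUNCATED = -1, TCC_OVERRUN = -2 };

/*
 * Decode 16-bit packet status chunks from buf into out[0..count-1].
 * count is the advertised packet status count; out holds count entries.
 * Returns the number of bytes consumed, or a negative TCC_* error.
 */
int tcc_decode_chunks(const uint8_t *buf, size_t len,
                      uint8_t *out, size_t count)
{
    size_t off = 0, n = 0;

    while (n < count) {
        if (len - off < 2)
            return TCC_TRUNCATED;
        uint16_t chunk = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        off += 2;

        if ((chunk & 0x8000) == 0) {
            /* Run length chunk: 2-bit symbol, 13-bit run length. */
            uint8_t sym = (chunk >> 13) & 0x3;
            size_t run = chunk & 0x1FFF;
            if (run > count - n)        /* check before the write loop */
                return TCC_OVERRUN;
            while (run--)
                out[n++] = sym;
        } else {
            /* Status vector chunk: 14 one-bit or 7 two-bit symbols. */
            int width = (chunk & 0x4000) ? 2 : 1;
            for (int shift = 14 - width; shift >= 0; shift -= width) {
                if (n >= count)         /* surplus symbol: fail, no write */
                    return TCC_OVERRUN;
                out[n++] = (chunk >> shift) & ((1 << width) - 1);
            }
        }
    }
    return (int)off;
}
```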