Wireshark-commits: [Wireshark-commits] master-2.2 723abd3: ber: fix buffer overrun (read) in dissec
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=723abd3940a6a77157f44a8d676544e4fe9b787c
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.2
Repository: wireshark
Commits:
723abd3 by Peter Wu (peter@xxxxxxxxxxxxx):
ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring

The length is an unsigned integer, but some users (such as tvb_memdup)
expect signed integers and treat negative values specially.

Bug: 14682
Change-Id: Ic3330d23d964b5cc44718b61c8985880f901674d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8011
Reviewed-on: https://code.wireshark.org/review/27562
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit df5a8b29bbb046933b73e9e369b9bc9e4b03aaa8)
Reviewed-on: https://code.wireshark.org/review/27964
Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
Actions performed:
from 418d0c9 And removing the DISSECTOR_ASSERT() checks brought bug 14738 back.
adds 723abd3 ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
Summary of changes:
epan/dissectors/packet-ber.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
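
The bug class the commit message describes, as an added C example that is not Wireshark's code and not part of the commit. `buf_t`, `buf_memdup`, `copy_unchecked` and `copy_checked` are hypothetical names, and the meaning given to a negative length ("copy up to the end of the buffer") is an assumption made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reader (not Wireshark's API). Like the callee named in the
 * commit message it takes a signed length and treats negative values
 * specially; assumed meaning here: "copy everything up to the end". */
typedef struct { const uint8_t *data; size_t len; } buf_t;

/* Returns bytes copied into *out, or -1 on a bounds or allocation error. */
static long buf_memdup(const buf_t *b, size_t off, int length, uint8_t **out)
{
    if (off > b->len) return -1;
    size_t n = (length < 0) ? b->len - off : (size_t)length;
    if (n > b->len - off) return -1;
    if ((*out = malloc(n ? n : 1)) == NULL) return -1;
    memcpy(*out, b->data + off, n);
    return (long)n;
}

/* Before: the unsigned length is narrowed to int. Above INT_MAX it becomes
 * negative (wraps on mainstream compilers), so the callee's special case
 * fires instead of its bounds check. A caller that still treats `len` as
 * the size of the copy then reads past the end of it. */
static long copy_unchecked(const buf_t *b, size_t off, uint32_t len, uint8_t **out)
{
    return buf_memdup(b, off, (int)len, out);
}

/* After: refuse lengths that do not fit a non-negative int or exceed the
 * bytes remaining, before any signed API sees them. */
static long copy_checked(const buf_t *b, size_t off, uint32_t len, uint8_t **out)
{
    if (off > b->len || len > (uint32_t)INT_MAX || len > b->len - off)
        return -1;
    return buf_memdup(b, off, (int)len, out);
}

int main(void)
{
    static const uint8_t sample[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    buf_t b = { sample, sizeof sample };
    uint8_t *out = NULL;
    printf("unchecked: %ld\n", copy_unchecked(&b, 4, 0xFFFFFFFFu, &out));
    free(out);
    printf("checked:   %ld\n", copy_checked(&b, 4, 0xFFFFFFFFu, &out));
    return 0;
}
```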