Wireshark-commits: [Wireshark-commits] master-2.4 ed9eccc: ber: clamp BER lengths to avoid integer
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sat, 02 Jun 2018 22:08:47 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ed9ecccaa493b97186ad64c02430117ff678a2b0
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.4
Repository: wireshark

Commits:

ed9eccc by Peter Wu (peter@xxxxxxxxxxxxx):

    ber: clamp BER lengths to avoid integer overflow
    
    Many callers treat the length as a signed integer, so ensure that the
    length fits in such a number. Failure to do so can have unintended
    consequences (such as calling "tvb_memdup(tvb, 0, -1)" and assuming that
    the length is actually 2^32-1).
    
    Although an exception could be thrown as well, let's give the caller a
    chance to handle this themselves.
    
    Change-Id: If92545f7d3603250f75741040435000ba879b7e3
    Ping-Bug: 14682
    Reviewed-on: https://code.wireshark.org/review/27563
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    (cherry picked from commit 67c642047362b5e2546259dd012622ff3dd6c9d9)
    Reviewed-on: https://code.wireshark.org/review/27966
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  ac94382   ber: fix buffer overrun (read) in dissect_ber_constrained_bitstring
    adds  ed9eccc   ber: clamp BER lengths to avoid integer overflow


Summary of changes:
 epan/dissectors/packet-ber.c | 5 +++++
 1 file changed, 5 insertions(+)
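
An added example, not Wireshark's code and not the contents of this commit: a standalone C decoder for a definite BER length that shows what the commit message describes, namely a 32-bit length that turns into -1 once a caller treats it as a signed integer, and the same length after clamping. The names `ber_read_length`, `as_signed` and `sample` are hypothetical, the input bytes are constructed, and saturating at INT32_MAX is this example's assumption about what "fits in such a number" means.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed input: long-form BER length, 4 length octets, all 0xFF. */
static const uint8_t sample[] = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF };

/* The value a caller sees after storing the length in a signed 32-bit int. */
static int32_t as_signed(uint32_t len)
{
    int32_t s;
    memcpy(&s, &len, sizeof s);          /* 0xFFFFFFFF reads back as -1 */
    return s;
}

/* Hypothetical helper: decode a definite BER length at p[0..avail); returns octets
 * consumed, 0 if truncated or indefinite. With clamp set, saturates at INT32_MAX. */
static size_t ber_read_length(const uint8_t *p, size_t avail, int clamp,
                              uint32_t *len)
{
    uint64_t acc = 0;
    size_t n, i;
    if (avail == 0)
        return 0;
    if ((p[0] & 0x80) == 0) {            /* short form: 0..127 */
        *len = p[0];
        return 1;
    }
    n = p[0] & 0x7F;                     /* long form: n length octets follow */
    if (n == 0 || n > avail - 1)
        return 0;
    for (i = 1; i <= n; i++) {
        acc = (acc << 8) | p[i];
        if (clamp && acc > INT32_MAX)
            acc = INT32_MAX;             /* stays saturated on later octets */
        else
            acc &= 0xFFFFFFFFu;          /* unclamped: keep the low 32 bits */
    }
    *len = (uint32_t)acc;
    return 1 + n;
}

int main(void)
{
    uint32_t raw = 0, safe = 0;
    ber_read_length(sample, sizeof sample, 0, &raw);
    ber_read_length(sample, sizeof sample, 1, &safe);
    printf("as int: unclamped %d, clamped %d\n", (int)as_signed(raw), (int)as_signed(safe));
    return 0;
}
```

The clamped value is still far larger than any real buffer, so the caller's ordinary bounds check is what rejects it; the clamp only guarantees that check sees a positive number.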