41 lines
1.1 KiB
Diff
41 lines
1.1 KiB
Diff
From 6060056e819a5b5b1a222499fe8e4060eaff1934 Mon Sep 17 00:00:00 2001
|
|
From: Guy Harris <guy@alum.mit.edu>
|
|
Date: Mon, 15 Oct 2018 13:27:37 -0700
|
|
Subject: [PATCH 182/470] Don't overflow an int.
|
|
|
|
---
|
|
sf-pcap.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/sf-pcap.c b/sf-pcap.c
|
|
index b493f4a..44a43d0 100644
|
|
--- a/sf-pcap.c
|
|
+++ b/sf-pcap.c
|
|
@@ -43,6 +43,7 @@
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
+#include <limits.h> /* for INT_MAX */
|
|
|
|
#include "pcap-int.h"
|
|
|
|
@@ -369,8 +370,14 @@ pcap_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf,
|
|
* length will be misleading if you use it to figure
|
|
* out why a capture doesn't have all the packet data,
|
|
* but there's not much we can do to avoid that.
|
|
+ *
|
|
+ * But don't grow the snapshot length past the
|
|
+ * maximum value of an int.
|
|
*/
|
|
- p->snapshot += 14;
|
|
+ if (p->snapshot <= INT_MAX - 14)
|
|
+ p->snapshot += 14;
|
|
+ else
|
|
+ p->snapshot = INT_MAX;
|
|
}
|
|
} else
|
|
ps->hdrsize = sizeof(struct pcap_sf_pkthdr);
|
|
--
|
|
1.8.3.1
|
|
|