packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wireshark/CVE-2019-10899.patch
gu-gu-gu 29af5ef1cf fix cves
2019-12-25 18:37:21 +08:00

40 lines
1.5 KiB
Diff
Raw Blame History

From f43ac1291b80bbccdd1ef3e6118f72e08dc8beac Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Fri, 1 Mar 2019 11:18:53 +0100
Subject: [PATCH] srvloc: check buffer index to prevent heap overflow.
Bug: 15546
Change-Id: I35eee1f6e1127db74339ec7218d7681bd93de59c
Reviewed-on: https://code.wireshark.org/review/32285
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 8f15ebed65ceea5c856fce055b5d83fb0c4b597b)
Reviewed-on: https://code.wireshark.org/review/32340
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
epan/dissectors/packet-srvloc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/epan/dissectors/packet-srvloc.c b/epan/dissectors/packet-srvloc.c
index 629ca78..d0ecf88 100644
--- a/epan/dissectors/packet-srvloc.c
+++ b/epan/dissectors/packet-srvloc.c
@@ -444,9 +444,13 @@ unicode_to_bytes(tvbuff_t *tvb, int offset, int length, gboolean endianness)
for (i = length; i > 0; i--) {
c_char = ascii_text[i];
if (c_char != 0) {
+ if (i == 0)
+ break;
i--;
c_char1 = ascii_text[i];
if (c_char1 == 0) {
+ if (i == 0)
+ break;
i--;
c_char1 = ascii_text[i];
}
--
2.7.4
Reference in New Issue View Git Blame Copy Permalink