For some reason pcap fuzzers just *love* to fuzz the "link-layer type
plus other stuff" part of the pcap file header. That can produce a file
that has non-zero values in reserved fields, which means it can get
rejected well before being handed to anything for dissection.
Clear out one of the reserved parts of that field, as we'll be changing
libpcap to check for non-zero values and reporting an error.
The packet length must be <= MAXIMUM_SNAPLEN.
Currently, there is no D-Bus printer, thus no need for a bigger length.
Now a pachet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.
Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
Also, put the buffer on the stack; no reason to make it static. (65
bytes isn't a lot.)
This fixes a buffer over-read discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).