Commit Graph

4 Commits

Author SHA1 Message Date
Guy Harris
82cfcd4391 Revert "Clean a bunch of fuzzed files not to fuzz the container."
This reverts commit a02c2faeec.

That zeroed out bits in the non-reserved portion of the field; the
reserved portion was already zero.
2022-03-04 18:03:41 -08:00
Guy Harris
a02c2faeec Clean a bunch of fuzzed files not to fuzz the container.
For some reason pcap fuzzers just *love* to fuzz the "link-layer type
plus other stuff" part of the pcap file header.  That can produce a file
that has non-zero values in reserved fields, which means it can get
rejected well before being handed to anything for dissection.

Clear out one of the reserved parts of that field, as we'll be changing
libpcap to check for non-zero values and reporting an error.
2022-03-04 16:04:46 -08:00
Francois-Xavier Le Bail
f253e11009 Add a sanity check on packet header length
The packet length must be <= MAXIMUM_SNAPLEN.

Currently, there is no D-Bus printer, thus no need for a bigger length.

Now a pachet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.

Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
2018-02-07 18:48:49 +01:00
Guy Harris
7a923447fd CVE-2017-13001/NFS: Don't copy more data than is in the file handle.
Also, put the buffer on the stack; no reason to make it static.  (65
bytes isn't a lot.)

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00