From: Michael Richardson
Date: Fri, 20 Sep 2019 15:02:00 +0000 (-0400)
Subject: do sanity checks on PHB header length before allocating memory. There was no fault...
X-Git-Tag: libpcap-1.10-bp~421
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/03ee24f06978af44ead65e5288ef4924a1542112?ds=sidebyside
do sanity checks on PHB header length before allocating memory. There was no fault; but doing the check results in a more consistent error
---
diff --git a/sf-pcapng.c b/sf-pcapng.c
index 6b36e383..225d9aaa 100644
--- a/sf-pcapng.c
+++ b/sf-pcapng.c
@@ -85,7 +85,7 @@ struct option_header {
 * Section Header Block.
 */
 #define BT_SHB 0x0A0D0D0A
-
+#define BT_SHB_INSANE_MAX 1024*1024*1 /* 1MB should be enough */
 struct section_header_block {
 bpf_u_int32 byte_order_magic;
 u_short major_version;
@@ -266,7 +266,7 @@ read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int fail_on_eof,
 if (amt_read == 0 && !fail_on_eof)
 return (0); /* EOF */
 snprintf(errbuf, PCAP_ERRBUF_SIZE,
- "truncated dump file; tried to read %zu bytes, only got %zu",
+ "truncated pcapng dump file; tried to read %zu bytes, only got %zu",
 bytes_to_read, amt_read);
 }
 return (-1);
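Review bot: The new macro body `1024*1024*1` in the `@@ -85,7 +85,7 @@` hunk is unparenthesized, so any arithmetic use such as `n / BT_SHB_INSANE_MAX` or `BT_SHB_INSANE_MAX - 1` expands to a different expression than intended; define it as `#define BT_SHB_INSANE_MAX (1024*1024*1) /* 1 MiB is more than enough for a Section Header Block */`. The definition also lands on the line the hunk removes, leaving no blank line between `BT_SHB`, the new cap and `struct section_header_block`, which reads as if the cap belonged to the struct. Since this cap is what now bounds the allocation done from an untrusted `total_length` in the `@@ -856` hunk, the comment should say that it is the upper bound applied to the SHB before its buffer is allocated, not just that 1MB "should be enough".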
@@ -856,26 +856,20 @@ pcap_ng_check_header(const uint8_t *magic, FILE *fp, u_int precision,
 /*
 * Check the sanity of the total length.
 */
- if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)) {
+ if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer) ||
+ (total_length > BT_SHB_INSANE_MAX)) {
 snprintf(errbuf, PCAP_ERRBUF_SIZE,
- "Section Header Block in pcapng dump file has a length of %u < %zu",
- total_length,
- sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer));
- *err = 1;
- return (NULL);
- }
+ "Section Header Block in pcapng dump file has invalid length %zu < _%lu_ < %lu (BT_SHB_INSANE_MAX)",
+ sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer),
+ total_length,
+ BT_SHB_INSANE_MAX);
 
- /*
- * Make sure it's not too big.
- */
- if (total_length > INITIAL_MAX_BLOCKSIZE) {
- snprintf(errbuf, PCAP_ERRBUF_SIZE,
- "pcapng block size %u > maximum %u",
- total_length, INITIAL_MAX_BLOCKSIZE);
 *err = 1;
 return (NULL);
 }
 
+
+
 /*
 * OK, this is a good pcapng file.
 * Allocate a pcap_t for it.
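Review bot: The new snprintf format passes `total_length` and `BT_SHB_INSANE_MAX` to `%lu`, but the message this replaces printed `total_length` with `%u` and the macro expands to a plain `int` constant, so on LP64 targets each `%lu` reads eight bytes for a four-byte argument — undefined behavior under C11 and a `-Wformat` warning, and the printed values are garbage precisely in the error path this commit exists to make "more consistent". Use matching conversions, e.g. `"Section Header Block in pcapng dump file has invalid length %u (must be >= %zu and <= %u)"` with arguments `total_length, sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer), (u_int)BT_SHB_INSANE_MAX`; that also drops the `_%lu_` underscores and the internal macro name from a user-facing string. The hunk also drops the `INITIAL_MAX_BLOCKSIZE` comparison for the SHB; if that constant is still the cap used for other block types, a one-line comment saying the SHB is bounded by `BT_SHB_INSANE_MAX` instead would keep the two limits from being confused. The two added blank lines before the `OK, this is a good pcapng file` comment, plus the blank context line already there, leave three consecutive empty lines; one is enough. `pcap_ng_check_header` starts and ends outside this hunk.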