#278 fail if capture has a packet that is too large

appneta · fklassen · Feb 27, 2017 · Feb 27, 2017 · Feb 27, 2017 · Feb 27, 2017
commit 04f1fc9755ed21a765e54bb1be0cad94b0c7c6b8
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
@@ -1,4 +1,5 @@
 02/26/2017 Version 4.2.0beta1
+	- tcpcapinfo buffer overflow vulnerablily (#278)
     - Update git-clone instructions by Kyle McDonald (#277) 
     - Add protection against packet drift by Guillaume Scott (#268)
     - Include Travis-CI build support by Ilya Shipitsin (#264) (#285)

diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c
@@ -281,6 +281,15 @@ main(int argc, char *argv[])
                 caplen = pcap_ph.caplen;
             }
 
+            if (caplentoobig) {
+                printf("\n\nCapture file appears to be damaged or corrupt.\n"
+                        "Contains packet of size %u, bigger than snap length %u\n",
+                        caplen, pcap_fh.snaplen);
+
+                close(fd);
+                break;
+            }
+
             /* check to make sure timestamps don't go backwards */
             if (last_sec > 0 && last_usec > 0) {
                 if ((pcap_ph.ts.tv_sec == last_sec) ? 
@@ -306,7 +315,7 @@ main(int argc, char *argv[])
                 }
 
                 close(fd);
-                continue;
+                break;
             }
 
             /* print the frame checksum */