author | Guy Harris <guy@alum.mit.edu> | 2019-07-25 15:50:57 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2019-07-25 15:53:23 -0700 |
commit | dd0edaf7eb97c05aff6502056c1e5de9944eb209 (patch) | |
tree | dc2cc44d821c4b46a01f9a6a21dabf52d508a2bd /sf-pcapng.c | |
parent | d04d4649e86656ab03f75e0f7107a7f0fc97bbd3 (diff) |

Test hdr.snaplen to see whether it fits in an int.

Assigning it to p->snapshot, and then checking whether the result is
negative, should work in practice, but it gets unsigned-behavior
warnings. Test beforehand whether it's valid, and only assign it to
p->snapshot if it is.

This should address the pcap.c part of GitHub issue
the-tcpdump-group/tcpdump#785.

Diffstat (limited to 'sf-pcapng.c')
-rw-r--r-- | sf-pcapng.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sf-pcapng.c b/sf-pcapng.c index 52f795f7..2881da34 100644 --- a/sf-pcapng.c +++ b/sf-pcapng.c @@ -32,6 +32,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <limits.h> /* for INT_MAX */ #include "pcap-int.h" @@ -1047,8 +1048,7 @@ pcap_ng_check_header(const uint8_t *magic, FILE *fp, u_int precision, } done: - p->snapshot = idbp->snaplen; - if (p->snapshot <= 0) { + if (idbp->snaplen == 0 || idbp->snaplen > INT_MAX) { /* * Bogus snapshot length; use the maximum for this * link-layer type as a fallback. @@ -1058,7 +1058,8 @@ done: * unsigned int. */ p->snapshot = max_snaplen_for_dlt(idbp->linktype); - } + } else + p->snapshot = idbp->snaplen; p->linktype = linktype_to_dlt(idbp->linktype); p->linktype_ext = 0; |
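
Review bot: In the hunk at `done:` (@@ -1047,8 +1048,7), the new test `idbp->snaplen == 0 || idbp->snaplen > INT_MAX` only rejects zero and values that do not fit in an int, so any snaplen up to INT_MAX is still assigned to p->snapshot unchanged. The fallback arm already calls max_snaplen_for_dlt(idbp->linktype); consider whether a value above that per-link-type maximum should also be treated as bogus or clamped at this point. Either way, the comment in the if arm should state which upper bound is intended, since the check now runs on the unsigned field before any assignment.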
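
Review bot: In the last hunk (@@ -1058,7 +1058,8), `} else` is followed by an unbraced `p->snapshot = idbp->snaplen;`, so one arm of the if is braced and the other is not. Suggest writing it as `} else {`, then the assignment, then `}`, so that a statement added to the else arm later cannot silently end up running unconditionally.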