1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From 118815ca7c9f82c1f83f8f64d9e0e54673f31677 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sat, 13 May 2023 21:45:16 -0400
Subject: [PATCH] GDSDB: Make sure our offset advances.
add_uint_string() returns the next offset to use, not the number
of bytes consumed. So to consume all the bytes and make sure the
offset advances, return the entire reported tvb length, not the
number of bytes remaining.
Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f
Fixes #19068
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677]
CVE: CVE-2023-2879
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
epan/dissectors/packet-gdsdb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-gdsdb.c b/epan/dissectors/packet-gdsdb.c
index 75bcfb9..950d68f 100644
--- a/epan/dissectors/packet-gdsdb.c
+++ b/epan/dissectors/packet-gdsdb.c
@@ -480,7 +480,7 @@ static int add_uint_string(proto_tree *tree, int hf_string, tvbuff_t *tvb, int o
int ret_offset = offset + length;
if (length < 4 || ret_offset < offset) {
expert_add_info_format(NULL, ti, &ei_gdsdb_invalid_length, "Invalid length: %d", length);
- return tvb_reported_length_remaining(tvb, offset);
+ return tvb_reported_length(tvb);
}
return ret_offset;
}
--
2.25.1
|
