Merge pull request #532 from appneta/Bug_#520_2_heap-buffer-overflow_…

…problems

Bug #520 Fix heap overflow on zero or 0xFFFF packet length

configure.ac

@@ -4,7 +4,7 @@ dnl $Id$
 AC_PREREQ([2.69])
 
 dnl Set version info here!
-AC_INIT([tcpreplay],[4.3.0],
+AC_INIT([tcpreplay],[4.3.1],
     [https://github.com/appneta/tcpreplay/issues],
     [tcpreplay],
     [http://tcpreplay.sourceforge.net/])

docs/CHANGELOG

@@ -1,3 +1,7 @@
+12/27/2018 Version 4.3.1
+    - Fix checkspell detected typos (#531)
+    - Heap overflow packet2tree and get_l2len (#530)
+
 11/10/2018 Version 4.3.0
     - Fix maxOS TOS checksum failure (#524)
     - TCP sequence edits seeding (#514)

src/common/utils.c

@@ -134,8 +134,8 @@ u_char *_our_safe_pcap_next(pcap_t *pcap,  struct pcap_pkthdr *pkthdr,
             exit(-1);
         }
 
-        if (pkthdr->len < pkthdr->caplen) {
-            fprintf(stderr, "safe_pcap_next ERROR: Invalid packet length in %s:%s() line %d: packet length %u is less than capture length %u\n",
+        if (!pkthdr->len || pkthdr->len < pkthdr->caplen) {
+            fprintf(stderr, "safe_pcap_next ERROR: Invalid packet length in %s:%s() line %d: packet length=%u capture length=%u\n",
                     file, funcname, line, pkthdr->len, pkthdr->caplen);
             exit(-1);
         }
@@ -160,8 +160,8 @@ int _our_safe_pcap_next_ex(pcap_t *pcap, struct pcap_pkthdr **pkthdr,
             exit(-1);
         }
 
-        if ((*pkthdr)->len < (*pkthdr)->caplen) {
-            fprintf(stderr, "safe_pcap_next_ex ERROR: Invalid packet length in %s:%s() line %d: packet length %u is less than capture length %u\n",
+        if (!(*pkthdr)->len || (*pkthdr)->len < (*pkthdr)->caplen) {
+            fprintf(stderr, "safe_pcap_next_ex ERROR: Invalid packet length in %s:%s() line %d: packet length=%u capture length=%u\n",
                     file, funcname, line, (*pkthdr)->len, (*pkthdr)->caplen);
             exit(-1);
         }