Pullup ticket #3351 - requested by drochner
wireshark security patches

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile			1.59
- pkgsrc/net/wireshark/distinfo			1.41
- pkgsrc/net/wireshark/patches/patch-af		1.1
- pkgsrc/net/wireshark/patches/patch-ag		1.1

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Thu Feb 10 11:00:57 UTC 2011

   Modified Files:
           pkgsrc/net/wireshark: Makefile distinfo
   Added Files:
           pkgsrc/net/wireshark/patches: patch-af patch-ag

   Log Message:
   add two patches from upstream:
   -fix possible free() of an uninitialized pointer when reading a
    malformed pcap-ng file (CVE-2011-0538)
   -add length check in pcap-ng reader
   bump PKGREV


(sbd)

$NetBSD: patch-af,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $

--- tshark.c.orig	2011-01-11 19:24:25.000000000 +0000
+++ tshark.c
@@ -2523,7 +2523,7 @@ load_cap_file(capture_file *cf, char *sa
   int          snapshot_length;
   wtap_dumper *pdh;
   int          err;
-  gchar        *err_info;
+  gchar        *err_info = NULL;
   gint64       data_offset;
   char         *save_file_string = NULL;
   gboolean     filtering_tap_listeners;

$NetBSD: patch-ag,v 1.1.2.2 2011/02/11 05:40:44 sbd Exp $

--- wiretap/pcapng.c.orig	2011-01-11 19:24:22.000000000 +0000
+++ wiretap/pcapng.c
@@ -806,18 +806,26 @@ pcapng_read_packet_block(FILE_T fh, pcap
 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than packet_len %u.",
 		              wblock->data.packet.cap_len, wblock->data.packet.packet_len);
 		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than packet_len");
 		return 0;
 	}
 	if (wblock->data.packet.cap_len > WTAP_MAX_PACKET_SIZE) {
 		pcapng_debug2("pcapng_read_packet_block:cap_len %d is larger than WTAP_MAX_PACKET_SIZE %u.",
 		              wblock->data.packet.cap_len, WTAP_MAX_PACKET_SIZE);
 		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup("pcapng_read_packet_block:cap_len is larger than WTAP_MAX_PACKET_SIZE");
 		return 0;
 	}
 	pcapng_debug3("pcapng_read_packet_block: packet data: packet_len %u captured_len %u interface_id %u",
 	              wblock->data.packet.packet_len,
 	              wblock->data.packet.cap_len,
 	              wblock->data.packet.interface_id);
+	if (wblock->data.packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup_printf("pcapng_read_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+			wblock->data.packet.packet_len, WTAP_MAX_PACKET_SIZE);
+		return 0;
+	}
 
 	wtap_encap = pcapng_get_encap(wblock->data.packet.interface_id, pn);
 	pcapng_debug3("pcapng_read_packet_block: encapsulation = %d (%s), pseudo header size = %d.",
@@ -980,6 +988,12 @@ pcapng_read_simple_packet_block(FILE_T f
 	}
 	pcapng_debug1("pcapng_read_simple_packet_block: packet data: packet_len %u",
 	               wblock->data.simple_packet.packet_len);
+	if (wblock->data.simple_packet.packet_len > WTAP_MAX_PACKET_SIZE) {
+		*err = WTAP_ERR_BAD_RECORD;
+		*err_info = g_strdup_printf("pcapng_read_simple_packet_block: packet_len %u is larger than WTAP_MAX_PACKET_SIZE %u.",
+			wblock->data.simple_packet.packet_len, WTAP_MAX_PACKET_SIZE);
+		return 0;
+	}
 
 	encap = pcapng_get_encap(0, pn);
 	pcapng_debug1("pcapng_read_simple_packet_block: Need to read pseudo header of size %d",