From 02ad96f9879fdd3a268203fffef13be4b4d926cc Mon Sep 17 00:00:00 2001
From: Kaian <kaian@irontec.com>
Date: Mon, 21 Sep 2015 12:15:08 +0200
Subject: [PATCH] Avoid reassembly of packets bigger than 20Kb

---
 src/capture_reasm.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/capture_reasm.c b/src/capture_reasm.c
index 40d8a3a..f67e8d4 100644
--- a/src/capture_reasm.c
+++ b/src/capture_reasm.c
@@ -229,6 +229,13 @@ capture_packet_reasm_tcp(capture_packet_t *packet, struct tcphdr *tcp, u_char *p
         // Set initial payload
         capture_packet_set_payload(pkt, payload, size_payload);
     } else {
+        // Check payload length. Dont handle too big payload packets
+        if (pkt->payload_len + size_payload > MAX_CAPTURE_LEN) {
+            capture_packet_destroy(pkt);
+            vector_remove(capture_cfg.tcp_reasm, pkt);
+            return NULL;
+        }
+
         // Append payload to the existing
         new_payload = sng_malloc(pkt->payload_len + size_payload);
         memcpy(new_payload, pkt->payload, pkt->payload_len);