mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-06 16:40:47 +00:00
tcpdump: cope with incorrect packet lengths
It's possible for the capture buffer to be smaller than indicated by the
header length. However, pfsync_print() only took the header length into
account. As a result we could read outside of the buffer.
Check that we have at least the expected amount of data before we start
parsing.
PR: 278034
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D44580
(cherry picked from commit 4848eb3af2
)
This commit is contained in:
parent
da013f1d5f
commit
bf0700716a
|
@ -86,7 +86,7 @@ pfsync_ip_print(netdissect_options *ndo , const u_char *bp, u_int len)
|
|||
{
|
||||
struct pfsync_header *hdr = (struct pfsync_header *)bp;
|
||||
|
||||
if (len < PFSYNC_HDRLEN)
|
||||
if (len < PFSYNC_HDRLEN || !ND_TTEST_LEN(bp, len))
|
||||
ND_PRINT((ndo, "[|pfsync]"));
|
||||
else
|
||||
pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),
|
||||
|
|
Loading…
Reference in a new issue