tcpdump: cope with incorrect packet lengths

It's possible for the capture buffer to be smaller than indicated by the
header length. However, pfsync_print() only took the header length into
account. As a result we could read outside of the buffer.

Check that we have at least the expected amount of data before we start
parsing.

PR:		278034
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D44580

(cherry picked from commit 4848eb3af2)
Kristof Provost 2024-04-01 11:42:14 +02:00
parent da013f1d5f
commit bf0700716a

@ -86,7 +86,7 @@ pfsync_ip_print(netdissect_options *ndo , const u_char *bp, u_int len)
{
struct pfsync_header *hdr = (struct pfsync_header *)bp;
if (len < PFSYNC_HDRLEN)
if (len < PFSYNC_HDRLEN || !ND_TTEST_LEN(bp, len))
ND_PRINT((ndo, "[|pfsync]"));
else
pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),
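Review bot: the added `!ND_TTEST_LEN(bp, len)` test in pfsync_ip_print() requires every one of the `len` bytes to be present in the capture buffer, so a packet cut short by the snapshot length is printed only as `[|pfsync]`, even when the header and the leading messages were captured intact. That closes the out-of-bounds read, but if partial output for truncated captures is wanted, keep only the PFSYNC_HDRLEN test here and bound each subheader and message inside pfsync_print() before it is read. Also, the guard compares against PFSYNC_HDRLEN while the call advances `bp` by `sizeof(struct pfsync_header)`; using the same expression in both places would make it clear that the check covers exactly the bytes being skipped.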