Date: Thu, 18 Apr 2024 13:37:17 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: bf0700716a2e - stable/13 - tcpdump: cope with incorrect packet lengths
Message-ID: <202404181337.43IDbHtW041597@gitrepo.freebsd.org>
The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=bf0700716a2e04464311e0b585b947d7d3e825b9 commit bf0700716a2e04464311e0b585b947d7d3e825b9 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-04-01 09:42:14 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-04-18 07:41:28 +0000 tcpdump: cope with incorrect packet lengths It's possible for the capture buffer to be smaller than indicated by the header length. However, pfsync_print() only took the header length into account. As a result we could read outside of the buffer. Check that we have at least the expected amount of data before we start parsing. PR: 278034 MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D44580 (cherry picked from commit 4848eb3af2a91b133c4b70cb9b71dd92ffec7f46) --- contrib/tcpdump/print-pfsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/tcpdump/print-pfsync.c b/contrib/tcpdump/print-pfsync.c index dc1cd039f5b0..cb1c3f3828fa 100644 --- a/contrib/tcpdump/print-pfsync.c +++ b/contrib/tcpdump/print-pfsync.c @@ -86,7 +86,7 @@ pfsync_ip_print(netdissect_options *ndo , const u_char *bp, u_int len) { struct pfsync_header *hdr = (struct pfsync_header *)bp; - if (len < PFSYNC_HDRLEN) + if (len < PFSYNC_HDRLEN || !ND_TTEST_LEN(bp, len)) ND_PRINT((ndo, "[|pfsync]")); else pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),
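Review bot: in pfsync_ip_print(), the added `!ND_TTEST_LEN(bp, len)` test requires all `len` bytes to be present in the capture, so a packet that is only partly captured now prints just `[|pfsync]` even when the header and the leading messages are available. Consider keeping only the header check at this call site and bounding each message inside pfsync_print() against the captured data, so that a truncated packet is still decoded up to the point where the data ends. A one-line comment on the condition, saying that `len` comes from the packet header and can exceed what was captured, would make the intent clear to the next reader. Minor style point: the check uses `PFSYNC_HDRLEN` while the call below uses `sizeof(struct pfsync_header)`; using one form in both places would make it obvious they refer to the same size.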