Date:      Tue, 27 Jan 2015 01:39:43 +0000 (UTC)
From:      "Pedro F. Giffuni" <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r277782 - vendor/tcpdump/dist
Message-ID:  <201501270139.t0R1dhs3097293@svn.freebsd.org>

Author: pfg
Date: Tue Jan 27 01:39:42 2015
New Revision: 277782
URL: https://svnweb.freebsd.org/changeset/base/277782

Log:
  Merge some cherry-picked fixes originating in OpenBSD
  
  Check whether the version field is available before looking at it.
  While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
  check whether we have the full fixed-length portion of the IPv4 header.
  
  commit c67afe913011138a2504ec4d3d423b48e73b12f3
  
  Do more length checking. From OpenBSD.
  
  commit d7516761f9c4877bcb05bb6543be3543e165249

Modified:
  vendor/tcpdump/dist/print-ip.c
  vendor/tcpdump/dist/print-sl.c

Modified: vendor/tcpdump/dist/print-ip.c
==============================================================================
--- vendor/tcpdump/dist/print-ip.c	Mon Jan 26 23:45:10 2015	(r277781)
+++ vendor/tcpdump/dist/print-ip.c	Tue Jan 27 01:39:42 2015	(r277782)
@@ -529,6 +529,7 @@ ip_print(netdissect_options *ndo,
 	struct protoent *proto;
 
 	ipds->ip = (const struct ip *)bp;
+	ND_TCHECK(ipds->ip->ip_vhl);
 	if (IP_V(ipds->ip) != 4) { /* print version if != 4 */
 	    ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip)));
 	    if (IP_V(ipds->ip) == 6)
@@ -537,10 +538,7 @@ ip_print(netdissect_options *ndo,
 	else if (!ndo->ndo_eflag)
 		ND_PRINT((ndo, "IP "));
 
-	if ((u_char *)(ipds->ip + 1) > ndo->ndo_snapend) {
-		ND_PRINT((ndo, "%s", tstr));
-		return;
-	}
+	ND_TCHECK(*ipds->ip);
 	if (length < sizeof (struct ip)) {
 		ND_PRINT((ndo, "truncated-ip %u", length));
 		return;
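Review bot: `ND_TCHECK(*ipds->ip)` only establishes that the fixed-length header is inside the captured data, and nothing at this point says so. Any option bytes implied by the header-length field are not covered by it, and whether the code further down in ip_print bounds-checks them cannot be seen from this hunk. I would add a comment above the check such as `/* guarantees only the fixed-length header was captured; option bytes beyond it are not covered here */`, so a later reader does not assume the whole header is safe to dereference. The function body starts and ends outside this hunk.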
@@ -669,6 +667,11 @@ ip_print(netdissect_options *ndo,
 				ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p));
 		}
 	}
+	return;
+
+trunc:
+	ND_PRINT((ndo, "%s", tstr));
+	return;
 }
 
 void

Modified: vendor/tcpdump/dist/print-sl.c
==============================================================================
--- vendor/tcpdump/dist/print-sl.c	Mon Jan 26 23:45:10 2015	(r277781)
+++ vendor/tcpdump/dist/print-sl.c	Tue Jan 27 01:39:42 2015	(r277782)
@@ -62,7 +62,7 @@ sl_if_print(netdissect_options *ndo,
 	register u_int length = h->len;
 	register const struct ip *ip;
 
-	if (caplen < SLIP_HDRLEN) {
+	if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) {
 		ND_PRINT((ndo, "%s", tstr));
 		return (caplen);
 	}
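Review bot: The added `length < SLIP_HDRLEN` test has no comment explaining why the on-wire length is checked alongside `caplen`. `length` is declared `u_int` just above, so a later subtraction of SLIP_HDRLEN would presumably wrap to a very large value for a short frame; that code is outside the hunk, so confirm it. A comment such as `/* length is unsigned: reject short frames before SLIP_HDRLEN is taken off it */` would record the reason. Both conditions also print the same `tstr`, so the output cannot distinguish a bogus on-wire length from a short capture; a separate message for the `length` case would help when triaging malformed input.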


