In TTEST2(), check to make sure the "l" argument isn't so large that
"snapend - l" underflows; this fixes a buffer overflow with malformed
NFS packets, and may fix other buffer overflows with malformed packets.

Obtained from:	tcpdump.org CVS
Bill Fenner 2002-06-17 15:26:56 +00:00
parent be2694ca0e
commit 93b99d6264


@ -132,8 +132,16 @@ extern int snaplen;
extern const u_char *packetp;
extern const u_char *snapend;
/* True if "l" bytes of "var" were captured */
#define TTEST2(var, l) ((u_char *)&(var) <= snapend - (l))
/*
* True if "l" bytes of "var" were captured.
*
* The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
* that "snapend - (l)" underflows.
*
* The check is for <= rather than < because "l" might be 0.
*/
#define TTEST2(var, l) (snapend - (l) <= snapend && \
(const u_char *)&(var) <= snapend - (l))
/* True if "var" was captured */
#define TTEST(var) TTEST2(var, sizeof(var))
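Review bot: The new guard `snapend - (l) <= snapend` in TTEST2 only helps if the pointer subtraction really wraps, but forming a pointer below the start of the capture buffer is undefined behaviour in C. An optimizing compiler may therefore assume the comparison is always true and drop it, which would silently bring back the overflow this commit fixes. Comparing lengths instead of pointers avoids the out-of-range pointer and evaluates `l` only once: `#define TTEST2(var, l) ((const u_char *)&(var) <= snapend && \` followed by `(size_t)(l) <= (size_t)(snapend - (const u_char *)&(var)))`. With the cast, a negative `l` becomes a huge length and is rejected, which the macro's comment should state alongside the zero-length case.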