d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Commit vendor fix for l2tp vulnerability reported by

Browse Source 
Przemyslaw Frasunek on bugtraq list.
This commit is contained in:
Bill Fenner 2004-01-13 17:28:06 +00:00
parent 9afd0c2902
commit b97c9af58a
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
contrib/tcpdump/print-l2tp.c
View File

@ -476,8 +476,17 @@ l2tp_avp_print(const u_char *dat, int length)
TCHECK(*ptr); /* Flags & Length */
len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK;
/* If it is not long enough to decode the entire AVP, we'll
abandon. */
/* If it is not long enough to contain the header, we'll give up. */
if (len < 6)
goto trunc;
/* If it goes past the end of the remaining length of the packet,
we'll give up. */
if (len > (u_int)length)
goto trunc;
/* If it goes past the end of the remaining length of the captured
data, we'll give up. */
TCHECK2(*ptr, len);
/* After this point, no need to worry about truncation */