[Bug 278034] tcpdump's ip6_print can read beyond buffer end

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Apr 2024 08:08:17 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278034

--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=4848eb3af2a91b133c4b70cb9b71dd92ffec7f46

commit 4848eb3af2a91b133c4b70cb9b71dd92ffec7f46
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-04-01 09:42:14 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-04-04 08:07:05 +0000

    tcpdump: cope with incorrect packet lengths

    It's possible for the capture buffer to be smaller than indicated by the
    header length. However, pfsync_print() only took the header length into
    account. As a result we could read outside of the buffer.

    Check that we have at least the expected amount of data before we start
    parsing.

    PR:             278034
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D44580

 contrib/tcpdump/print-pfsync.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
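
The class of bug the commit message describes, as an added example that is not part of the FreeBSD commit or of tcpdump's code: a parser that compares the length declared in the packet with the number of bytes actually captured before it walks the payload. The header layout, `parse_records`, and the sample buffers are hypothetical and constructed for illustration; this is not the pfsync format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (assumption, NOT the real pfsync header):
 * byte 0 = version, byte 1 = pad, bytes 2-3 = total length, big-endian,
 * followed by fixed-size records of REC_LEN bytes. */
#define HDR_LEN 4
#define REC_LEN 8

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LEN = -2 };

/* Constructed samples: both headers declare 20 bytes (two records),
 * but the second capture was cut to 12 bytes (e.g. by a short snaplen). */
static const uint8_t sample_full[20] = { 1, 0, 0, 20 };
static const uint8_t sample_cut[12]  = { 1, 0, 0, 20 };

/* caplen is the number of bytes present in the capture buffer.
 * The declared length comes from the packet itself and is untrusted. */
static int parse_records(const uint8_t *buf, size_t caplen, unsigned *nrec)
{
    *nrec = 0;
    if (caplen < HDR_LEN)            /* cannot even read the length field */
        return PARSE_TRUNCATED;
    size_t declared = ((size_t)buf[2] << 8) | buf[3];
    if (declared < HDR_LEN)          /* length smaller than its own header */
        return PARSE_BAD_LEN;
    if (declared > caplen)           /* header promises more than was captured */
        return PARSE_TRUNCATED;
    /* From here on every offset below 'declared' is inside the buffer. */
    size_t off = HDR_LEN;
    while (declared - off >= REC_LEN) {
        /* a real printer would decode buf[off .. off + REC_LEN) here */
        off += REC_LEN;
        (*nrec)++;
    }
    return PARSE_OK;
}

int main(void)
{
    unsigned n;
    int rc = parse_records(sample_full, sizeof sample_full, &n);
    printf("full capture: rc=%d records=%u\n", rc, n);
    rc = parse_records(sample_cut, sizeof sample_cut, &n);
    printf("cut capture:  rc=%d records=%u\n", rc, n);
    return 0;
}
```

Without the `declared > caplen` check, the loop on the 12-byte capture would treat offsets 12 through 19 as record data even though they lie past the end of the buffer.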