svn commit: r355890 - vendor/libpcap/dist

Cy Schubert cy at FreeBSD.org
Thu Dec 19 00:11:19 UTC 2019 

Author: cy
Date: Thu Dec 19 00:11:18 2019
New Revision: 355890
URL: https://svnweb.freebsd.org/changeset/base/355890

Log:
  Fix libpcap issue #893: check for invalid IPv4 addresses.
  
  This fixes errors such as:
  
  tcpdump -i lagg0 net 999.999.999.999
  
  This was originally discovered on a Red Hat 7.7 server and verified
  to also be a bug on FreeBSD.
  
  Obtained from:	https://github.com/the-tcpdump-group/libpcap/commit/ \
  		07070918d5e81a515315b395f334e52589fe0fb
  Fixed by:	https://github.com/guyharris

Modified:
  vendor/libpcap/dist/gencode.c
  vendor/libpcap/dist/nametoaddr.c

Modified: vendor/libpcap/dist/gencode.c
==============================================================================
--- vendor/libpcap/dist/gencode.c	Wed Dec 18 23:00:56 2019	(r355889)
+++ vendor/libpcap/dist/gencode.c	Thu Dec 19 00:11:18 2019	(r355890)
@@ -6955,11 +6955,15 @@ gen_mcode(compiler_state_t *cstate, const char *s1, co
 		return (NULL);
 
 	nlen = __pcap_atoin(s1, &n);
+	if (nlen < 0)
+		bpf_error(cstate, "invalid IPv4 address '%s'", s1);
 	/* Promote short ipaddr */
 	n <<= 32 - nlen;
 
 	if (s2 != NULL) {
 		mlen = __pcap_atoin(s2, &m);
+		if (mlen < 0)
+			bpf_error(cstate, "invalid IPv4 address '%s'", s2);
 		/* Promote short ipaddr */
 		m <<= 32 - mlen;
 		if ((n & ~m) != 0)
@@ -7017,8 +7021,11 @@ gen_ncode(compiler_state_t *cstate, const char *s, bpf
 		vlen = __pcap_atodn(s, &v);
 		if (vlen == 0)
 			bpf_error(cstate, "malformed decnet address '%s'", s);
-	} else
+	} else {
 		vlen = __pcap_atoin(s, &v);
+		if (vlen < 0)
+			bpf_error(cstate, "invalid IPv4 address '%s'", s);
+	}
 
 	switch (q.addr) {
 

Modified: vendor/libpcap/dist/nametoaddr.c
==============================================================================
--- vendor/libpcap/dist/nametoaddr.c	Wed Dec 18 23:00:56 2019	(r355889)
+++ vendor/libpcap/dist/nametoaddr.c	Thu Dec 19 00:11:18 2019	(r355890)
@@ -653,8 +653,15 @@ __pcap_atoin(const char *s, bpf_u_int32 *addr)
 	len = 0;
 	for (;;) {
 		n = 0;
-		while (*s && *s != '.')
+		while (*s && *s != '.') {
+			if (n > 25) {
+				/* The result will be > 255 */
+				return -1;
+			}
 			n = n * 10 + *s++ - '0';
+		}
+		if (n > 255)
+			return -1;
 		*addr <<= 8;
 		*addr |= n & 0xff;
 		len += 8;

More information about the svn-src-all mailing list