upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-18 18:20:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

tcpdump: cope with incorrect packet lengths

Browse source 
It's possible for the capture buffer to be smaller than indicated by the
header length. However, pfsync_print() only took the header length into
account. As a result we could read outside of the buffer.

Check that we have at least the expected amount of data before we start
parsing.

PR:		278034
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D44580

(cherry picked from commit 4848eb3af2a91b133c4b70cb9b71dd92ffec7f46)
This commit is contained in:
Kristof Provost 2024-04-01 11:42:14 +02:00
parent 5abbbb7c64
commit dc16f5fe14
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
contrib/tcpdump/print-pfsync.c
View file

@ -86,7 +86,7 @@ pfsync_ip_print(netdissect_options *ndo , const u_char *bp, u_int len)
{
struct pfsync_header *hdr = (struct pfsync_header *)bp;
if (len < PFSYNC_HDRLEN)
if (len < PFSYNC_HDRLEN || !ND_TTEST_LEN(bp, len))
ND_PRINT("[|pfsync]");
else
pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),