author | 2014-11-20 04:11:33 +0000 | |
---|---|---|
committer | 2014-11-20 04:11:33 +0000 | |
commit | d2a924cb0fb1fdf951d817f6c339f0b224ae0fa2 (patch) | |
tree | 4dc505820bff47cd239ad337d9e8362e6a30076b | |
parent | sanity check the length of the packet in the pcap header (diff) | |
better length handling. Fixes a crash found with the afl fuzzer.
slightly tweaked version of an earlier diff ok'd by djm@ and miod@
-rw-r--r-- | usr.sbin/tcpdump/print-atm.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/tcpdump/print-atm.c b/usr.sbin/tcpdump/print-atm.c
index c13becf7fa6..469cf7a2692 100644
--- a/usr.sbin/tcpdump/print-atm.c
+++ b/usr.sbin/tcpdump/print-atm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-atm.c,v 1.10 2014/08/14 12:44:44 mpi Exp $ */
+/* $OpenBSD: print-atm.c,v 1.11 2014/11/20 04:11:33 jsg Exp $ */
 /*
 * Copyright (c) 1994, 1995, 1996, 1997
@@ -65,6 +65,11 @@ atm_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 }
 if (p[0] != 0xaa || p[1] != 0xaa || p[2] != 0x03) {
 /*XXX assume 802.6 MAC header from fore driver */
+#define MIN_ATM_8026_HDRLEN (20 + 8)
+ if (caplen < MIN_ATM_8026_HDRLEN) {
+ printf("[|atm]");
+ goto out;
+ }
 if (eflag)
 printf("%04x%04x %04x%04x ",
 p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3], |
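Review bot: The bound `MIN_ATM_8026_HDRLEN (20 + 8)` is defined in the middle of atm_if_print's body with no explanation of its two terms, so a reader cannot audit it against the reads it is meant to protect. Presumably 20 is the assumed 802.6 MAC header and 8 the LLC/SNAP header parsed after it; the define should say so, e.g. `/* 20-byte 802.6 MAC header + 8-byte LLC/SNAP header (confirm) */`, and should move to file scope. The new guard covers only `caplen`. If the code after the hunk also subtracts the header size from the on-wire `length`, that value needs its own check against underflow, which cannot be confirmed from these lines. The function body starts and ends outside the hunk.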