Fix a crash that occurs when printing the filename in a malformed NFS

request packet. From Kevin Reay who obtained the fix from the tcpdump.org repo (part of commit 6191f36146f5d286304e9b6e893477fe509d83ab). ok canacar@ sthen@
author: lteo <lteo@openbsd.org> 2015-10-15 02:33:25 +0000
committer: lteo <lteo@openbsd.org> 2015-10-15 02:33:25 +0000
commit: 1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0 (patch)
tree: db829f5cee0db05a46b29aad9907cd0568d20a2d /usr.sbin/tcpdump/print-nfs.c
parent: Add missing includes to make the pf(4) man page example program compile (diff)
download: wireguard-openbsd-1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0.tar.xz
wireguard-openbsd-1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.sbin/tcpdump/print-nfs.c b/usr.sbin/tcpdump/print-nfs.c
index daf3a0f86f3..3697e9938f3 100644
--- a/usr.sbin/tcpdump/print-nfs.c
+++ b/usr.sbin/tcpdump/print-nfs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: print-nfs.c,v 1.19 2015/01/16 06:40:21 deraadt Exp $	*/
+/*	$OpenBSD: print-nfs.c,v 1.20 2015/10/15 02:33:25 lteo Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -381,9 +381,11 @@ parsefn(register const u_int32_t *dp)
 	cp = (u_char *)dp;
 	/* Update 32-bit pointer (NFS filenames padded to 32-bit boundaries) */
 	dp += ((len + 3) & ~3) / sizeof(*dp);
-	/* XXX seems like we should be checking the length */
 	putchar('"');
-	(void) fn_printn(cp, len, NULL);
+	if (fn_printn(cp, len, snapend)) {
+		putchar('"');
+		goto trunc;
+	}
 	putchar('"');
 
 	return (dp);
author	lteo <lteo@openbsd.org>	2015-10-15 02:33:25 +0000
committer	lteo <lteo@openbsd.org>	2015-10-15 02:33:25 +0000
commit	1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0 (patch)
tree	db829f5cee0db05a46b29aad9907cd0568d20a2d /usr.sbin/tcpdump/print-nfs.c
parent	Add missing includes to make the pf(4) man page example program compile (diff)
download	wireguard-openbsd-1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0.tar.xz wireguard-openbsd-1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0.zip