authorkn <kn@openbsd.org>2020-07-21 01:09:03 +0000
committerkn <kn@openbsd.org>2020-07-21 01:09:03 +0000
commit5157c9d7e42432fb29ebdca75fcc4b75a4ac8d0f (patch)
treebdfed1e5234f37a011cf7a6e0e4a8c5fea6962a5 /usr.sbin/tcpdump/print-null.c
parentramdisks got broken by that last diff. (diff)
Avoid integer underflow due to tiny snaplen
For DLT_NULL and DLT_LOOP interfaces, print-null.c passes `caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned integer, hence if caplen is smaller than the header itself (four octets), this difference wraps around. Exit early in such cases and print the expected truncation marker "[|null]" instead. Feedback OK dlg
Diffstat (limited to 'usr.sbin/tcpdump/print-null.c')
-rw-r--r--usr.sbin/tcpdump/print-null.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/tcpdump/print-null.c b/usr.sbin/tcpdump/print-null.c
index a42b3599a86..f90f5e9030c 100644
--- a/usr.sbin/tcpdump/print-null.c
+++ b/usr.sbin/tcpdump/print-null.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-null.c,v 1.23 2018/10/22 16:12:45 kn Exp $ */
+/* $OpenBSD: print-null.c,v 1.24 2020/07/21 01:09:03 kn Exp $ */
/*
* Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
@@ -119,6 +119,11 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
ts_print(&h->ts);
+ if (caplen < NULL_HDRLEN) {
+ printf("[|null]");
+ goto out;
+ }
+
/*
* Some printers want to get back at the link level addresses,
* and/or check that they're not walking off the end of the packet.
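Review bot: The new guard `if (caplen < NULL_HDRLEN)` carries no comment tying it to the unsigned subtraction it protects, so a later reader could move or drop it without noticing; I would add `/* caplen - NULL_HDRLEN is unsigned further down; bail out before it can wrap */` directly above it. The check covers only `caplen`: if the function also subtracts NULL_HDRLEN from the wire length taken from `h->len` (not visible in this hunk), that value deserves the same look, because in a capture file the two header fields are independent and `len` is not guaranteed to be at least `caplen`. The rest of null_if_print, including the `out` label, lies outside the hunk, so it is worth confirming that the `out` path does not depend on the per-packet globals that the comment right after the guard says are set next, since the early exit now skips that assignment.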