mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-24 10:33:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

RADIUS: Fix some issues in print_attr_netmask6().

Browse Source 
This is a follow-up to commit e606750 (RFC 3162).

Move the bounds check before the code that reads from the input buffer,
make the IPv6 address temporary buffer right-sized, add a test and a
diagnostic message for the prefix length.
This commit is contained in:
Denis Ovsienko 2017-09-24 14:10:26 +01:00
parent 3cd5403c8f
commit 0bc9b44dfa
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
print-radius.c
View File

@ -899,26 +899,29 @@ static void
print_attr_netmask6(netdissect_options *ndo,
register const u_char *data, u_int length, u_short attr_code _U_)
{
u_char data2[18];
u_char data2[16];
if (length < 2 || length > 18)
{
ND_PRINT((ndo, "ERROR: length %u not in range (2..18)", length));
return;
}
else if (data[1] > 128)
ND_TCHECK2(data[0], length);
if (data[1] > 128)
{
ND_PRINT((ndo, "ERROR: netmask %u not in range (0..128)", data[1]));
return;
}
ND_TCHECK2(data[0], length);
memset(data2, 0, sizeof(data2));
if (length > 2)
memcpy(data2, data+2, length-2);
ND_PRINT((ndo, "%s/%u", ip6addr_string(ndo, data2), data[1]));
if (data[1] > 8 * (length - 2))
ND_PRINT((ndo, " (inconsistent prefix length)"));
return;
trunc: