mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-23 18:14:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Rx: add a missing bounds check for callbacks

Browse Source 
Add a bounds check to cb_print(), this likely makes the same type of
bugfix as the previous commit but comes without a test case as the
problem was identified through code review.

Add a comment about bounds check to ubik_print().
This commit is contained in:
Denis Ovsienko 2017-08-04 21:57:55 +01:00
parent aa08581000
commit 6283c99a51
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
print-rx.c
View File

@ -1262,6 +1262,7 @@ cb_print(netdissect_options *ndo,
if (j == 0)
ND_PRINT((ndo, " <none!>"));
ND_TCHECK_32BITS(bp);
j = EXTRACT_32BITS(bp);
bp += sizeof(int32_t);
@ -2533,6 +2534,10 @@ ubik_print(netdissect_options *ndo,
* gleaned from ubik/ubik_int.xg
*/
/* Every function that calls this function first makes a bounds check
* for (sizeof(rx_header) + 4) bytes, so long as it remains this way
* the line below will not over-read.
*/
ubik_op = EXTRACT_32BITS(bp + sizeof(struct rx_header));
ND_PRINT((ndo, " ubik call %s", tok2str(ubik_req, "op#%d", ubik_op)));