mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-23 18:14:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2016-7985,7986/fixup medsa_print()

Browse Source 
The code in medsa_print() assumed that the MEDSA packet always follows
an Ethernet header that is inside the allocated memory buffer. But
this is not always the case, see commit 6bc4429 for rationale.

Eliminate the Ethernet header pointer and just pass on the struct
lladdr_info arguments provided.
This commit is contained in:
Denis Ovsienko 2017-01-18 18:01:52 +00:00
parent 2cc01cb08d
commit cae54f4d94
3 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
netdissect.h
View File

@ -547,7 +547,7 @@ extern void lwapp_control_print(netdissect_options *, const u_char *, u_int, int
extern void lwapp_data_print(netdissect_options *, const u_char *, u_int);
extern void lwres_print(netdissect_options *, const u_char *, u_int);
extern void m3ua_print(netdissect_options *, const u_char *, const u_int);
extern void medsa_print(netdissect_options *, const u_char *, u_int, u_int);
extern void medsa_print(netdissect_options *, const u_char *, u_int, u_int, const struct lladdr_info *, const struct lladdr_info *);
extern u_int mfr_print(netdissect_options *, register const u_char *, u_int);
extern void mobile_print(netdissect_options *, const u_char *, u_int);
extern int mobility_print(netdissect_options *, const u_char *, const u_char *);

2
print-ether.c
View File

@ -439,7 +439,7 @@ ethertype_print(netdissect_options *ndo,
return (1);
case ETHERTYPE_MEDSA:
medsa_print(ndo, p, length, caplen);
medsa_print(ndo, p, length, caplen, src, dst);
return (1);
case ETHERTYPE_LAT:

15
print-medsa.c
View File

@ -138,15 +138,13 @@ medsa_print_full(netdissect_options *ndo,
void
medsa_print(netdissect_options *ndo,
const u_char *bp, u_int length, u_int caplen)
const u_char *bp, u_int length, u_int caplen,
const struct lladdr_info *src, const struct lladdr_info *dst)
{
register const struct ether_header *ep;
const struct medsa_pkthdr *medsa;
struct lladdr_info src, dst;
u_short ether_type;
medsa = (const struct medsa_pkthdr *)bp;
ep = (const struct ether_header *)(bp - sizeof(*ep));
ND_TCHECK(*medsa);
if (!ndo->ndo_eflag)
@ -159,14 +157,10 @@ medsa_print(netdissect_options *ndo,
length -= 8;
caplen -= 8;
src.addr = ESRC(ep);
src.addr_string = etheraddr_string;
dst.addr = EDST(ep);
dst.addr_string = etheraddr_string;
ether_type = EXTRACT_16BITS(&medsa->ether_type);
if (ether_type <= ETHERMTU) {
/* Try to print the LLC-layer header & higher layers */
if (llc_print(ndo, bp, length, caplen, &src, &dst) < 0) {
if (llc_print(ndo, bp, length, caplen, src, dst) < 0) {
/* packet type not known, print raw packet */
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(bp, caplen);
@ -177,8 +171,7 @@ medsa_print(netdissect_options *ndo,
tok2str(ethertype_values, "Unknown",
ether_type),
ether_type));
if (ethertype_print(ndo, ether_type, bp, length, caplen, &src, &dst) == 0) {
if (ethertype_print(ndo, ether_type, bp, length, caplen, src, dst) == 0) {
/* ether_type not known, print raw packet */
if (!ndo->ndo_eflag)
ND_PRINT((ndo, "ethertype %s (0x%04x) ",