4 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
91977d2d58 QUIC: Fix a pointer overflow with 32-bit executable
When decoding an IPv6 Jumbo frame, the length of the payload may be huge
(e.g. 201311154). This gives a huge length to udp_print() and then
to quic_print() (e.g. 201311130). With 32-bit executable, adding the
length to the pointer can overflow, like:

print-quic.c:277:26: runtime error: pointer index expression with base
0xf42032c0 overflowed to 0x001ff65a

Use ND_BYTES_AVAILABLE_AFTER() to assign the 'end' pointer.

quic_print(): Remove the parameter 'len' no longer used.

Add a test file.

Update the output of a test accordingly (packet 10 not truncated).
2023-08-12 20:54:58 +02:00
Rui Paulo
c8bf9d20b3 Fix OOB read while parsing QUIC SH packets. 2021-12-23 11:11:54 +00:00
Francois-Xavier Le Bail
a3cfb6a87b QUIC: Fix getting packet type in Long Header
This change should fix the Coverity Scan issue CID 1493488:
178                             ND_PRINT(", handshake");
>>> CID 1493488:  Control flow issues  (DEADCODE)
>>> Execution cannot reach this statement: "if (packet_type == QUIC_LH_...".
179                     else if (packet_type == QUIC_LH_TYPE_RETRY)
2021-11-09 20:25:15 +01:00
Rui Paulo
8ce37b54ed Initial support to parse QUIC packets. 2021-11-09 09:11:34 +01:00
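
The pointer overflow described in commit 91977d2d58, as an added example that is not code from the project or from the commit: addresses are modeled as `uint32_t` so the 32-bit wrap reproduces on any host. `struct capture`, `naive_end`, `bytes_available_after`, `safe_end` and `loop_would_run` are hypothetical names, and the 64-byte capture size is constructed; only the base address and length come from the commit message.

```c
#include <stdint.h>
#include <stdio.h>

/* Addresses are modeled as uint32_t: unsigned wrap is defined behavior,
 * whereas overflowing a real pointer is undefined (what the sanitizer reported). */
struct capture {              /* hypothetical stand-in for the capture buffer */
    uint32_t start;           /* address of the first captured byte */
    uint32_t snapend;         /* one past the last captured byte */
};

/* Before: 'end' is built from a length field taken from the packet. */
static uint32_t naive_end(uint32_t bp, uint32_t len)
{
    return bp + len;          /* wraps modulo 2^32 like a 32-bit pointer */
}

/* Bytes actually captured after bp; 0 when bp lies outside the buffer. */
static uint32_t bytes_available_after(const struct capture *c, uint32_t bp)
{
    if (bp < c->start || bp > c->snapend)
        return 0;
    return c->snapend - bp;
}

/* After: 'end' depends only on the buffer bounds, so it cannot pass snapend. */
static uint32_t safe_end(const struct capture *c, uint32_t bp)
{
    return bp + bytes_available_after(c, bp);
}

/* A "while (bp < end)" parse loop only makes sense when end is above bp. */
static int loop_would_run(uint32_t bp, uint32_t end)
{
    return bp < end;
}

int main(void)
{
    /* Base and length are the values quoted in the commit message;
     * the 64-byte capture size is constructed for this example. */
    struct capture c = { 0xf42032c0u, 0xf42032c0u + 64u };
    uint32_t bp = c.start, len = 201311130u;

    printf("naive end 0x%08x (below bp: %d)\n",
           (unsigned)naive_end(bp, len), !loop_would_run(bp, naive_end(bp, len)));
    printf("safe end  0x%08x\n", (unsigned)safe_end(&c, bp));
    return 0;
}
```

The naive result equals the `0x001ff65a` value in the sanitizer message, while the bounded version stops at the end of the captured data regardless of the length the packet claims.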