mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-24 02:23:27 +08:00
d6913f7e3f
Add a few checks to ip6_print() to make it stop decoding the IPv6 headers immediately when the header-specific functions signal an error condition. Without this it tried to fetch the next header selector for the next round regardless and could run outside of the allocated packet space on a specially crafted IPv6 packet. Brian Carpenter has demonstrated this for the Hop-by-Hop Options header. Fix that specific case and also the Destination Options and Fragment header processing as those use the same logic.
2 lines
194 B
Plaintext
2 lines
194 B
Plaintext
IP6 (class 0x33, flowlabel 0x03030, hlim 48, next-header Options (0) payload length: 12336) 3030:3030:3030:3030:3030:3030:3030:3030 > 3030:3030:3030:3030:3030:3030:3030:3030: HBH [trunc] [|HBH]
|