diff options
| author | Guy Harris <guy@alum.mit.edu> | 2015-07-03 15:54:14 -0700 |
|---|---|---|
| committer | Francois-Xavier Le Bail <fx.lebail@yahoo.com> | 2017-01-18 09:16:36 +0100 |
| commit | 6bc44295cfbe1f7b6633c755841518f4b159aa8a (patch) | |
| tree | 859fda193d4664cfce2892e3c3c219847ada789b /print-geonet.c | |
| parent | 237efcf593ee369519e9dfdc9166702219dabfec (diff) | |
| download | tcpdump-6bc44295cfbe1f7b6633c755841518f4b159aa8a.tar.gz | |
CVE-2016-7985,7986/Change the way protocols print link-layer addresses.
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.
Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.
Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
Diffstat (limited to 'print-geonet.c')
| -rw-r--r-- | print-geonet.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/print-geonet.c b/print-geonet.c index 61441a0b..9da89bfe 100644 --- a/print-geonet.c +++ b/print-geonet.c @@ -86,6 +86,8 @@ print_long_pos_vector(netdissect_options *ndo, { uint32_t lat, lon; + if (!ND_TTEST2(*bp, GEONET_ADDR_LEN)) + return (-1); ND_PRINT((ndo, "GN_ADDR:%s ", linkaddr_string (ndo, bp, 0, GEONET_ADDR_LEN))); if (!ND_TTEST2(*(bp+12), 8)) @@ -103,7 +105,8 @@ print_long_pos_vector(netdissect_options *ndo, * to the geonet header of the packet. */ void -geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int length) +geonet_print(netdissect_options *ndo, const u_char *bp, u_int length, + const struct lladdr_info *src) { int version; int next_hdr; @@ -115,13 +118,16 @@ geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int const char *hdr_type_txt = "Unknown"; int hdr_size = -1; - ND_PRINT((ndo, "GeoNet src:%s; ", etheraddr_string(ndo, eth+6))); + ND_PRINT((ndo, "GeoNet ")); + if (src != NULL) + ND_PRINT((ndo, "src:%s", (src->addr_string)(ndo, src->addr))); + ND_PRINT((ndo, "; ")); /* Process Common Header */ if (length < 36) goto invalid; - ND_TCHECK2(*bp, 7); + ND_TCHECK2(*bp, 8); version = bp[0] >> 4; next_hdr = bp[0] & 0x0f; hdr_type = bp[1] >> 4; |