| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Add a sanity check on packet header length | Francois-Xavier Le Bail | 2018-02-07 | 1 | -0/+0 |
| | | | | | | | | | | | | | | | | | | | The packet length must be <= MAXIMUM_SNAPLEN. Currently, there is no D-Bus printer, thus no need for a bigger length. Now a pachet is valid if: capture length != 0, packet length != 0, capture length <= MAXIMUM_SNAPLEN, packet length <= MAXIMUM_SNAPLEN, packet length >= capture length. Moreover: Fix the packet header lengths of some fuzzed pcap files: If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN. Thus they will be always usable with this new sanity check. | ||||
| * | CVE-2017-5204/IPv6: fix header printing | Denis Ovsienko | 2017-01-18 | 1 | -0/+0 |
| Add a few checks to ip6_print() to make it stop decoding the IPv6 headers immediately when the header-specific functions signal an error condition. Without this it tried to fetch the next header selector for the next round regardless and could run outside of the allocated packet space on a specially crafted IPv6 packet. Brian Carpenter has demonstrated this for the Hop-by-Hop Options header. Fix that specific case and also the Destination Options and Fragment header processing as those use the same logic. | |||||
 |
index : delta/tcpdump.git | |
| github.com: the-tcpdump-group/tcpdump.git |
| summaryrefslogtreecommitdiff |