summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Gwynne <dlg@cvs.openbsd.org>2009-02-23 10:28:17 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2009-02-23 10:28:17 +0000
commitd7828af3a1531f63df1cb451ee02cc14cad84ba6 (patch)
tree81262e334c0f4c20e42f6e5595f9e99aa8af84ba
parente3cceaae134f7f074291370048fbe6c005b12e45 (diff)
better detect short frames. always print the version and length of the
frame according to the pfsync header. dont try to parse an unsupported version of the protocol.
-rw-r--r--usr.sbin/tcpdump/print-pfsync.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.sbin/tcpdump/print-pfsync.c b/usr.sbin/tcpdump/print-pfsync.c
index 4f082b2c111..f2018f2f46b 100644
--- a/usr.sbin/tcpdump/print-pfsync.c
+++ b/usr.sbin/tcpdump/print-pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-pfsync.c,v 1.33 2009/02/16 00:31:25 dlg Exp $ */
+/* $OpenBSD: print-pfsync.c,v 1.34 2009/02/23 10:28:16 dlg Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -28,7 +28,7 @@
#ifndef lint
static const char rcsid[] =
- "@(#) $Id: print-pfsync.c,v 1.33 2009/02/16 00:31:25 dlg Exp $";
+ "@(#) $Id: print-pfsync.c,v 1.34 2009/02/23 10:28:16 dlg Exp $";
#endif
#include <sys/param.h>
@@ -149,8 +149,10 @@ pfsync_print(struct pfsync_header *hdr, const u_char *bp, int len)
plen = ntohs(hdr->len);
- if (eflag)
- printf("PFSYNCv%d len %d", hdr->version, plen);
+ printf("PFSYNCv%d len %d", hdr->version, plen);
+
+ if (hdr->version != PFSYNC_VERSION)
+ return;
plen -= sizeof(*hdr);
@@ -185,8 +187,10 @@ pfsync_print(struct pfsync_header *hdr, const u_char *bp, int len)
}
for (i = 0; i < count; i++) {
- if (alen > len)
+ if (len < alen) {
+ len = 0;
break;
+ }
if (actions[subh->action].print(flags, bp) != 0)
return;