diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2014-12-03 13:19:04 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2014-12-03 13:19:04 +0000 |
| commit | f49941e40cc87542a8dc3e1a70f0485f5a2754bb (patch) | |
| tree | bb6eeac4944d01fc755fd51adbf93dda51876528 /usr.sbin/tcpdump/print-ip.c | |
| parent | c560b9ab87d2dde65c28c7ee2feba471b3842e3b (diff) | |
Fixup a crash found by jsg using the AFL fuzzer. IP and IPv6 printing
routines should check that there's at least a complete IP/IPv6 header
available in the buffer before trying to do anything else.
ok jsg
Diffstat (limited to 'usr.sbin/tcpdump/print-ip.c')
| -rw-r--r-- | usr.sbin/tcpdump/print-ip.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/tcpdump/print-ip.c b/usr.sbin/tcpdump/print-ip.c index 3f4194c5ad3..c13550f7ae9 100644 --- a/usr.sbin/tcpdump/print-ip.c +++ b/usr.sbin/tcpdump/print-ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-ip.c,v 1.39 2014/08/14 12:44:44 mpi Exp $ */ +/* $OpenBSD: print-ip.c,v 1.40 2014/12/03 13:19:03 mikeb Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -358,6 +358,11 @@ ip_print(register const u_char *bp, register u_int length) register const u_char *cp; ip = (const struct ip *)bp; + if ((u_char *)(ip + 1) > snapend) { + printf("[|ip]"); + return; + } + /* * If the IP header is not aligned, copy into abuf. * This will never happen with BPF. It does happen with raw packet |