author | kn <kn@cvs.openbsd.org> | 2020-07-21 01:09:04 +0000 |
---|---|---|
committer | kn <kn@cvs.openbsd.org> | 2020-07-21 01:09:04 +0000 |
commit | 4b407498f6de52378766d50b3dff70d251899460 (patch) | |
tree | 6d1d72363331316fb7d0d2e0dda7f47c0a1eef28 /usr.sbin | |
parent | 1e280472fdab2b660fbb0e7d0ccb93287c7daed4 (diff) |
Avoid integer underflow due to tiny snaplen
For DLT_NULL and DLT_LOOP interfaces, print-null.c passes
`caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned
integer, hence if caplen is smaller than the header itself (four octets),
this difference wraps around.
Exit early in such cases and print the expected truncation marker "[|null]"
instead.
Feedback OK dlg
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/tcpdump/print-null.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/tcpdump/print-null.c b/usr.sbin/tcpdump/print-null.c index a42b3599a86..f90f5e9030c 100644 --- a/usr.sbin/tcpdump/print-null.c +++ b/usr.sbin/tcpdump/print-null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-null.c,v 1.23 2018/10/22 16:12:45 kn Exp $ */ +/* $OpenBSD: print-null.c,v 1.24 2020/07/21 01:09:03 kn Exp $ */ /* * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997 @@ -119,6 +119,11 @@ null_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) ts_print(&h->ts); + if (caplen < NULL_HDRLEN) { + printf("[|null]"); + goto out; + } + /* * Some printers want to get back at the link level addresses, * and/or check that they're not walking off the end of the packet. |
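Review bot: the new `caplen < NULL_HDRLEN` check in null_if_print() carries no comment, and its rationale (the later `caplen - NULL_HDRLEN` handed to default_print() as an unsigned length would wrap) lives only in the commit message. A one-line comment above the check would stop a later edit from moving it below the code that does the subtraction. The `out` label is outside the visible context, so confirm that the path taken by `goto out` does not itself use `caplen - NULL_HDRLEN` and still terminates the output line after "[|null]". The first hunk only bumps the RCS id and needs no comment.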