diff options
| author | Jonathan Gray <jsg@cvs.openbsd.org> | 2014-11-20 04:01:02 +0000 |
|---|---|---|
| committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2014-11-20 04:01:02 +0000 |
| commit | edf8429841d4f3b354995f4d2e8a14072b20bced (patch) | |
| tree | 6e1f989a8f1557204a78f65a7a18b2720b263035 /usr.sbin | |
| parent | 96f3fa929ed62e52bca5d8e172f1f76801c11c88 (diff) | |
sanity check the length of the packet in the pcap header
fixes a crash found by the afl fuzzer
ok djm@ miod@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/tcpdump/print-sl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/tcpdump/print-sl.c b/usr.sbin/tcpdump/print-sl.c index c0879337c7e..3cd7f85a02c 100644 --- a/usr.sbin/tcpdump/print-sl.c +++ b/usr.sbin/tcpdump/print-sl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-sl.c,v 1.16 2014/08/14 12:44:44 mpi Exp $ */ +/* $OpenBSD: print-sl.c,v 1.17 2014/11/20 04:01:01 jsg Exp $ */ /* * Copyright (c) 1989, 1990, 1991, 1993, 1994, 1995, 1996, 1997 @@ -75,7 +75,7 @@ sl_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) ts_print(&h->ts); - if (caplen < SLIP_HDRLEN) { + if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) { printf("[|slip]"); goto out; } |