[Bug 278034] tcpdump's ip6_print can read beyond buffer end

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 01 Apr 2024 07:50:38 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278034

Kristof Provost <kp@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kp@freebsd.org

--- Comment #2 from Kristof Provost <kp@freebsd.org> ---
I'm not terribly familiar with the way tcpdump handles packet parsing.

Is the issue here that ip6_print() passes the wrong length value, or that
pfsync_print() misinterprets the passed length, and ought to be using accessor
functions like GET_BE_U_2() and friends which do check the actual data length?

-- 
You are receiving this mail because:
You are the assignee for the bug.