[Bug 278034] tcpdump's ip6_print can read beyond buffer end
Date: Mon, 01 Apr 2024 08:45:03 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278034
--- Comment #3 from Kristof Provost <kp@freebsd.org> ---
To answer my own question, I think this may suffice:
diff --git a/contrib/tcpdump/print-pfsync.c b/contrib/tcpdump/print-pfsync.c
index 5710e36ded6c..e22c11a2df2d 100644
--- a/contrib/tcpdump/print-pfsync.c
+++ b/contrib/tcpdump/print-pfsync.c
@@ -86,7 +86,7 @@ pfsync_ip_print(netdissect_options *ndo , const u_char *bp,
u_int len)
{
struct pfsync_header *hdr = (struct pfsync_header *)bp;
- if (len < PFSYNC_HDRLEN)
+ if (len < PFSYNC_HDRLEN || ! ND_TTEST_LEN(bp, len))
ND_PRINT("[|pfsync]");
else
pfsync_print(ndo, hdr, bp + sizeof(struct pfsync_header),
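Review bot: the added `! ND_TTEST_LEN(bp, len)` test in `pfsync_ip_print` requires all `len` bytes to be present in the captured buffer, so a packet cut short by the snapshot length now prints only `[|pfsync]` even when its header was captured in full. If `pfsync_print` bounds-checks its own reads, testing just the header here with `ND_TTEST_LEN(bp, PFSYNC_HDRLEN)` would keep the partial output; if it does not, the whole-packet test is the safe choice and a one-line comment saying so would help the next reader. The length check uses `PFSYNC_HDRLEN` while the call below offsets by `sizeof(struct pfsync_header)`; using one of the two consistently rules out a mismatch between them. Style: drop the space after `!`.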
At the very least it makes valgrind happy without actually appearing to break
tcpdump's support for pfsync.