svn commit: r355990 - head/contrib/libpcap
Cy Schubert
cy at FreeBSD.org
Sat Dec 21 21:05:54 UTC 2019
Author: cy
Date: Sat Dec 21 21:05:53 2019
New Revision: 355990
URL: https://svnweb.freebsd.org/changeset/base/355990
Log:
MFV r355890:
Fix libpcap issue #893: check for invalid IPv4 addresses.
This fixes errors such as:
tcpdump -i lagg0 net 999.999.999.999
This was originally discovered on a Red Hat 7.7 server and verified
to also be a bug on FreeBSD.
Obtained from: https://github.com/the-tcpdump-group/libpcap/commit/ \
07070918d5e81a515315b395f334e52589fe0fb
Fixed by: https://github.com/guyharris
MFC after: 2 weeks
Modified:
head/contrib/libpcap/gencode.c
head/contrib/libpcap/nametoaddr.c
Directory Properties:
head/contrib/libpcap/ (props changed)
Modified: head/contrib/libpcap/gencode.c
==============================================================================
--- head/contrib/libpcap/gencode.c Sat Dec 21 21:02:50 2019 (r355989)
+++ head/contrib/libpcap/gencode.c Sat Dec 21 21:05:53 2019 (r355990)
@@ -6955,11 +6955,15 @@ gen_mcode(compiler_state_t *cstate, const char *s1, co
return (NULL);
nlen = __pcap_atoin(s1, &n);
+ if (nlen < 0)
+ bpf_error(cstate, "invalid IPv4 address '%s'", s1);
/* Promote short ipaddr */
n <<= 32 - nlen;
if (s2 != NULL) {
mlen = __pcap_atoin(s2, &m);
+ if (mlen < 0)
+ bpf_error(cstate, "invalid IPv4 address '%s'", s2);
/* Promote short ipaddr */
m <<= 32 - mlen;
if ((n & ~m) != 0)
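Review bot: The added `nlen < 0` and `mlen < 0` checks leave the upper end open, so `n <<= 32 - nlen` and `m <<= 32 - mlen` would shift by a negative count (undefined behaviour) if `__pcap_atoin` ever returned more than 32. Its loop in the nametoaddr.c hunk adds 8 to `len` per dot-separated field, and no field limit is visible there. The filter grammar may already restrict the token to four fields, but that is not shown on this page. Tightening the guards to `if (nlen < 0 || nlen > 32)` and `if (mlen < 0 || mlen > 32)` keeps both shifts defined regardless of what the caller passes. gen_mcode begins and ends outside the hunk.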
@@ -7017,8 +7021,11 @@ gen_ncode(compiler_state_t *cstate, const char *s, bpf
vlen = __pcap_atodn(s, &v);
if (vlen == 0)
bpf_error(cstate, "malformed decnet address '%s'", s);
- } else
+ } else {
vlen = __pcap_atoin(s, &v);
+ if (vlen < 0)
+ bpf_error(cstate, "invalid IPv4 address '%s'", s);
+ }
switch (q.addr) {
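Review bot: The two branches now test different failure sentinels, `vlen == 0` for `__pcap_atodn` and `vlen < 0` for `__pcap_atoin`, and nothing at the call site says why. A one-line comment above the new check, such as `/* unlike __pcap_atodn(), __pcap_atoin() signals a bad address with -1 */`, would stop a later cleanup from unifying the two tests incorrectly. How `vlen` is consumed inside the switch is outside the hunk.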
Modified: head/contrib/libpcap/nametoaddr.c
==============================================================================
--- head/contrib/libpcap/nametoaddr.c Sat Dec 21 21:02:50 2019 (r355989)
+++ head/contrib/libpcap/nametoaddr.c Sat Dec 21 21:05:53 2019 (r355990)
@@ -653,8 +653,15 @@ __pcap_atoin(const char *s, bpf_u_int32 *addr)
len = 0;
for (;;) {
n = 0;
- while (*s && *s != '.')
+ while (*s && *s != '.') {
+ if (n > 25) {
+ /* The result will be > 255 */
+ return -1;
+ }
n = n * 10 + *s++ - '0';
+ }
+ if (n > 255)
+ return -1;
*addr <<= 8;
*addr |= n & 0xff;
len += 8;
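Review bot: The new range checks in the digit loop still accept non-digit bytes, because `n = n * 10 + *s++ - '0'` folds any character other than '.' into the octet. A lone letter such as 'a' contributes 49 and passes both `n > 25` and `n > 255`. Adding `if (*s < '0' || *s > '9') return -1;` as the first statement of the while body would make the parser fail closed on malformed input instead of relying on the caller's tokenizer. The declaration of `n` and the end of the for loop are outside the hunk, so how bytes below '0' wrap depends on whether `n` is unsigned.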