The Tcpdump Group git mirrors - libpcap/commitdiff
Check for invalid IPv4 addresses.
authorGuy Harris <[email protected]>
Wed, 18 Dec 2019 23:06:53 +0000 (15:06 -0800)
committerGuy Harris <[email protected]>
Wed, 18 Dec 2019 23:06:53 +0000 (15:06 -0800)
This should fix GitHub issue #893.

gencode.c
nametoaddr.c

index bdc35e646e9cf9e5c75afc5b1bd486d3fbe01e40..040a553157163355b9ecc9a33276432e7a2bab22 100644 (file)
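--- a/gencode.c
+++ b/gencode.c
@@ -6947,11 +6947,15 @@ gen_mcode(compiler_state_t *cstate, const char *s1, const char *s2,
                return (NULL);
 
        nlen = __pcap_atoin(s1, &n);
+       if (nlen < 0)
+               bpf_error(cstate, "invalid IPv4 address '%s'", s1);
        /* Promote short ipaddr */
        n <<= 32 - nlen;
 
        if (s2 != NULL) {
                mlen = __pcap_atoin(s2, &m);
+               if (mlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s2);
                /* Promote short ipaddr */
                m <<= 32 - mlen;
                if ((n & ~m) != 0)
@@ -7009,8 +7013,11 @@ gen_ncode(compiler_state_t *cstate, const char *s, bpf_u_int32 v, struct qual q)
                vlen = __pcap_atodn(s, &v);
                if (vlen == 0)
                        bpf_error(cstate, "malformed decnet address '%s'", s);
-       } else
+       } else {
                vlen = __pcap_atoin(s, &v);
+               if (vlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s);
+       }
 
        switch (q.addr) {
 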
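Review bot: The shifts `n <<= 32 - nlen` and `m <<= 32 - mlen` in gen_mcode are still reached with any non-negative length, because the new guards reject only a negative return. The __pcap_atoin lines shown on this page add 8 per octet and show no cap on the octet count, so if a string with more than four octets can get this far (the lexer may already prevent that; it is not visible here) the shift count becomes negative, which is undefined behaviour. Tightening the guards to `if (nlen < 0 || nlen > 32)` and `if (mlen < 0 || mlen > 32)` would make gen_mcode safe on its own, and the same bound would fit the `vlen` check in gen_ncode, whose later use of vlen lies outside the hunk. The guards also rely on bpf_error() not returning, which is worth a short comment such as `/* bpf_error() does not return */`; both functions start and end outside the hunks.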
index 53070a285ab94c21858736406001cb57fe30d216..13bf4c683794f32afc3ce56ae66571082662a2d5 100644 (file)
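--- a/nametoaddr.c
+++ b/nametoaddr.c
@@ -674,8 +674,15 @@ __pcap_atoin(const char *s, bpf_u_int32 *addr)
        len = 0;
        for (;;) {
                n = 0;
-               while (*s && *s != '.')
+               while (*s && *s != '.') {
+                       if (n > 25) {
+                               /* The result will be > 255 */
+                               return -1;
+                       }
                        n = n * 10 + *s++ - '0';
+               }
+               if (n > 255)
+                       return -1;
                *addr <<= 8;
                *addr |= n & 0xff;
                len += 8;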
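Review bot: The octet loop still trusts every byte to be a decimal digit, since `n = n * 10 + *s++ - '0'` folds in whatever character is there. A non-digit that leaves n within 0..255 is accepted as an octet value, and whether a character below '0' is caught depends on the signedness of n, which is declared outside the hunk. Adding `if (*s < '0' || *s > '9') return -1;` as the first statement of the while body would make the parser reject such input itself rather than depend on what the lexer lets through. In the lines shown, an empty octet (two adjacent dots or a trailing dot) also falls through with n == 0 and is counted as 8 more bits, so a check that at least one digit was consumed per octet is worth considering. The function's header comment, which is outside the hunk, should state the new contract, for example `/* Returns the address length in bits, or -1 if an octet is not a decimal number in 0..255. */`.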