From: Guy Harris Date: Thu, 26 Apr 2018 02:04:40 +0000 (-0700) Subject: Do bounds checking on references to the bids array. X-Git-Tag: libpcap-1.9-bp~92 X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/9bac75ac0222df31e29ecacf2da423702b3e5c3d Do bounds checking on references to the bids array. Addresses GitHub issue #484. --- diff --git a/Makefile.in b/Makefile.in index 8bd95e35..0f2c9c6a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -133,6 +133,7 @@ HDR = $(PUBHDR) \ llc.h \ nametoaddr.h \ nlpid.h \ + optimize.h \ pcap-common.h \ pcap-int.h \ pcap-rpcap.h \ diff --git a/bpf_dump.c b/bpf_dump.c index b59d6073..a9c91169 100644 --- a/bpf_dump.c +++ b/bpf_dump.c @@ -26,6 +26,8 @@ #include #include +#include "optimize.h" + void bpf_dump(const struct bpf_program *p, int option) { @@ -50,8 +52,7 @@ bpf_dump(const struct bpf_program *p, int option) } for (i = 0; i < n; ++insn, ++i) { #ifdef BDEBUG - extern int bids[]; - if (bids[i] > 0) + if (i < NBIDS && bids[i] > 0) printf("[%02d]", bids[i] - 1); else printf(" -- "); diff --git a/optimize.c b/optimize.c index 13dd207a..b3890394 100644 --- a/optimize.c +++ b/optimize.c @@ -37,6 +37,7 @@ #include "pcap-int.h" #include "gencode.h" +#include "optimize.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" @@ -2062,7 +2063,7 @@ opt_init(compiler_state_t *cstate, opt_state_t *opt_state, struct icode *ic) * and expect it to provide meaningful information. */ #ifdef BDEBUG -int bids[1000]; +int bids[NBIDS]; #endif /* @@ -2190,7 +2191,8 @@ filled: free(offset); #ifdef BDEBUG - bids[dst - conv_state->fstart] = p->id + 1; + if (dst - conv_state->fstart < NBIDS) + bids[dst - conv_state->fstart] = p->id + 1; #endif dst->code = (u_short)p->s.code; dst->k = p->s.k; diff --git a/optimize.h b/optimize.h new file mode 100644 index 00000000..d8f646c8 --- /dev/null +++ b/optimize.h 
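Review bot: In the bpf_dump.c loop hunk, an instruction at index `NBIDS` or beyond now prints the same `" -- "` as an instruction with no recorded block id, so a BDEBUG dump of a long program silently loses its block ids for the tail. A short comment above the test would make that limit visible to whoever reads the output, for example `/* bids[] has only NBIDS slots; instructions past that have no recorded block id */`. The bound itself looks right for `i`, which starts at 0 and only counts up. bpf_dump's body continues outside the hunk.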
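Review bot: The guard added before the `bids[...]` store in the optimize.c hunk at `filled:` checks only the upper bound, and the index `dst - conv_state->fstart` is a signed pointer difference. `dst` presumably never precedes `fstart`, but that invariant is established outside the hunk, and a negative value would pass `< NBIDS` and write before the array. Comparing as unsigned covers both ends in one test: `if ((size_t)(dst - conv_state->fstart) < NBIDS)`. The enclosing function starts and ends outside the hunk.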
@@ -0,0 +1,30 @@ +/* + * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code distributions + * retain the above copyright notice and this paragraph in its entirety, (2) + * distributions including binary code include the above copyright notice and + * this paragraph in its entirety in the documentation or other materials + * provided with the distribution, and (3) all advertising materials mentioning + * features or use of this software display the following acknowledgement: + * ``This product includes software developed by the University of California, + * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of + * the University nor the names of its contributors may be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* + * Some stuff for use when debugging the optimizer. + */ +#ifdef BDEBUG +extern int pcap_optimizer_debug; /* optimizer debugging level */ + +#define NBIDS 1000 +extern int bids[NBIDS]; +#endif diff --git a/pcap.c b/pcap.c index 1c304ad0..64d64ed7 100644 --- a/pcap.c +++ b/pcap.c @@ -78,6 +78,8 @@ struct rtentry; /* declarations in */ #include "pcap-int.h" +#include "optimize.h" + #ifdef HAVE_DAG_API #include "pcap-dag.h" #endif /* HAVE_DAG_API */ @@ -3928,8 +3930,6 @@ PCAP_API void pcap_set_optimizer_debug(int value); PCAP_API_DEF void pcap_set_optimizer_debug(int value) { - extern int pcap_optimizer_debug; - pcap_optimizer_debug = value; } #endif
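Review bot: The new optimize.h has no include guard, although this commit already includes it from bpf_dump.c, optimize.c and pcap.c. Double inclusion is harmless today because the file holds only `extern` declarations and one macro, but a guard keeps it safe once a type or inline function is added: wrap the contents in `#ifndef optimize_h` / `#define optimize_h` and a closing `#endif`. Separately, `bids` is now declared in a shared header without the `pcap_` prefix that `pcap_optimizer_debug` carries; in a BDEBUG build that is presumably an external symbol of the library, so a prefixed name would avoid clashes with application globals.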