X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d8d89857912e74201068ba55438dfbfdf57b40bc..dee11b5b1040a03dbd6e73f34dc9a4d1fff94f02:/print-tcp.c diff --git a/print-tcp.c b/print-tcp.c index e2559ecf..1ef3961e 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -294,7 +294,6 @@ tcp_print(register const u_char *bp, register u_int length, * both directions). */ #ifdef INET6 - memset(&tha, 0, sizeof(tha)); rev = 0; if (ip6) { src = &ip6->ip6_src; @@ -315,6 +314,27 @@ tcp_print(register const u_char *bp, register u_int length, tha.port = sport << 16 | dport; } } else { + /* + * Zero out the tha structure; the src and dst + * fields are big enough to hold an IPv6 + * address, but we only have IPv4 addresses + * and thus must clear out the remaining 124 + * bits. + * + * XXX - should we just clear those bytes after + * copying the IPv4 addresses, rather than + * zeroing out the entire structure and then + * overwriting some of the zeroes? + * + * XXX - this could fail if we see TCP packets + * with an IPv6 address with the lower 124 bits + * all zero and also see TCP packes with an + * IPv4 address with the same 32 bits as the + * upper 32 bits of the IPv6 address in question. + * Can that happen? Is it likely enough to be + * an issue? + */ + memset(&tha, 0, sizeof(tha)); src = &ip->ip_src; dst = &ip->ip_dst; if (sport > dport)