The Tcpdump Group git mirrors

]> The Tcpdump Group git mirrors - tcpdump/commit

author	Guy Harris <[email protected]>
	Tue, 7 Feb 2017 19:40:36 +0000 (11:40 -0800)
committer	Denis Ovsienko <[email protected]>
	Sat, 2 Sep 2017 18:55:00 +0000 (19:55 +0100)
commit	09b1185295cd53891c4b68b30815474b29e83f50
tree	10a42d300fa8e274e1c65e0b7bcb5534760f712f	tree
parent	0d2332ab1e71c2e6f1d8d177928f373afc39503b	commit \| diff

CVE-2017-11541: In safeputs(), check the length before checking for a NUL terminator.

safeputs() doesn't do packet bounds checking of its own; it assumes that
the caller has checked the availability in the packet data of all maxlen
bytes of data. This means we should check that we're within the
specified limit before looking at the byte.

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).

tests/TESTLIST		diff \| blob \| history
tests/hoobr_safeputs.out	[new file with mode: 0644]	blob
tests/hoobr_safeputs.pcap	[new file with mode: 0644]	blob
util-print.c		diff \| blob \| history

[mirror] the TCPdump network dissector

RSS Atom