]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: bed4806) | patch
CVE-2017-11541: In safeputs(), check the length before checking for a NUL terminator.
authorGuy Harris <[email protected]>
Tue, 7 Feb 2017 19:40:36 +0000 (11:40 -0800)
committerDenis Ovsienko <[email protected]>
Sat, 2 Sep 2017 20:36:44 +0000 (21:36 +0100)
commit21d702a136c5c16882e368af7c173df728242280
treeccea393d1f31c32ad2cb855e7ebf4b16522570e0tree
parentbed48062a64fca524156d7684af19f5b4a116faecommit | diff
CVE-2017-11541: In safeputs(), check the length before checking for a NUL terminator.

safeputs() doesn't do packet bounds checking of its own; it assumes that
the caller has checked the availability in the packet data of all maxlen
bytes of data.  This means we should check that we're within the
specified limit before looking at the byte.

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
tests/TESTLIST diff | blob | history
tests/hoobr_safeputs.out [new file with mode: 0644] blob
tests/hoobr_safeputs.pcap [new file with mode: 0644] blob
util-print.c diff | blob | history
[mirror] the TCPdump network dissector