]> The Tcpdump Group git mirrors - tcpdump/commit
projects / tcpdump / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: b374c49) | patch
Fix -V to fail invalid input safely
authorDenis Ovsienko <[email protected]>
Sun, 17 Jun 2018 21:15:19 +0000 (22:15 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Sun, 27 Oct 2019 20:00:52 +0000 (21:00 +0100)
commit7ade781cf7ea6f067a2cab0406c8309fd3339eb4
treec0c5cca8f8fe6a12105dab3d2f81dfb61e02d86ctree
parentb374c49a582318ce0653494f6344911d4dcacb0fcommit | diff
Fix -V to fail invalid input safely

This change fixes CVE-2018-14879.

get_next_file() did not check the return value of strlen() and
underflowed an array index if the line read by fgets() from the file
started with \0. This caused an out-of-bounds read and could cause a
write. Add the missing check.

This vulnerability was discovered by Brian Carpenter & Geeknik Labs.

Cherry picked from 9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
in 4.9 branch.
tcpdump.c diff | blob | history
[mirror] the TCPdump network dissector