The Tcpdump Group git mirrors - tcpdump/commit
CVE-2016-7983,7984/Don't use strchr() to scan packet data.
author: Guy Harris <[email protected]>
Tue, 21 Jul 2015 00:23:41 +0000 (17:23 -0700)
committer: Francois-Xavier Le Bail <[email protected]>
Wed, 18 Jan 2017 08:16:37 +0000 (09:16 +0100)
commit: 7bf069c2517690262aacbddc437731af991b31a7
tree: e098c178cf2907ab34676c812760fc081a798ebd
parent: 5e48a557542817a3bd6d344a1b96a3c9ad8ccfb8

It can't be told to stop at the end of the packet data.  Add a
fn_printztn() that prints null-terminated strings, with a length check,
and which returns the number of bytes processed, or 0 if we ran out of
data.  That means it does the scanning we need, but safely.

Use it in the TFTP and BOOTP printers.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
netdissect.h
print-bootp.c
print-tftp.c
tests/TESTLIST
tests/tftp-heapoverflow.out [new file with mode: 0644]
tests/tftp-heapoverflow.pcap [new file with mode: 0644]
util-print.c
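The bounded scan the commit message describes, as an added C example that is not tcpdump's own code: scan_ztn() stands in for fn_printztn() (its name, signature, the TFTP request parser around it and the sample packets are assumptions), returning the bytes consumed including the NUL, or 0 when the captured data ends first, so the caller stops instead of reading past the end of the packet.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for scanning packet data with strchr(). Copies the
 * NUL-terminated string at s into out (printable ASCII only, others shown
 * as '.') and returns the number of packet bytes consumed including the
 * NUL, or 0 if the captured data ends before a NUL is found. Modeled on
 * the commit's description of fn_printztn(); the name/signature are assumed. */
size_t scan_ztn(const unsigned char *s, const unsigned char *snapend,
                char *out, size_t outcap)
{
    size_t avail = (size_t)(snapend - s), n;
    for (n = 0; ; n++) {
        if (n >= avail)                /* end of captured data: no NUL seen */
            return 0;
        if (s[n] == '\0')
            break;
        if (n + 1 < outcap)            /* truncate, keeping room for the NUL */
            out[n] = (s[n] >= 0x20 && s[n] < 0x7f) ? (char)s[n] : '.';
    }
    if (outcap)
        out[n < outcap ? n : outcap - 1] = '\0';
    return n + 1;
}

/* TFTP read request: 2-byte opcode (1), filename NUL, mode NUL (RFC 1350).
 * Returns 1 when both strings end inside the captured data, else 0. */
int parse_tftp_rrq(const unsigned char *pkt, size_t len,
                   char *fname, size_t fcap, char *mode, size_t mcap)
{
    const unsigned char *snapend, *p;
    size_t n;
    if (len < 2 || pkt[0] != 0 || pkt[1] != 1) return 0;   /* not an RRQ */
    snapend = pkt + len; p = pkt + 2;
    if ((n = scan_ztn(p, snapend, fname, fcap)) == 0) return 0;
    return scan_ztn(p + n, snapend, mode, mcap) != 0;
}

/* Constructed sample packets (not from the page's pcap): a well-formed RRQ
 * and one whose filename runs to the end of the data without a NUL. */
static const unsigned char RRQ_OK[] = {0,1,'t','e','s','t','.','b','i','n',0,'o','c','t','e','t',0};
static const unsigned char RRQ_TRUNC[] = {0,1,'t','e','s','t'};

int main(void)
{
    char f[32], m[32];
    printf("ok packet: %d\n", parse_tftp_rrq(RRQ_OK, sizeof RRQ_OK, f, sizeof f, m, sizeof m));
    printf("truncated: %d\n", parse_tftp_rrq(RRQ_TRUNC, sizeof RRQ_TRUNC, f, sizeof f, m, sizeof m));
    return 0;
}
```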