The Tcpdump Group git mirrors - tcpdump/commitdiff
(for 4.9.3) AoE: Add another bounds check.
author Denis Ovsienko <[email protected]>
Thu, 31 Aug 2017 20:23:07 +0000 (21:23 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Sun, 18 Aug 2019 18:35:51 +0000 (20:35 +0200)
In aoev1_print() check bounds before fetching the Flags octet to prevent
a buffer over-read.

Found by code inspection hence there is no test case at this time.

print-aoe.c

index 2c78a55d30322bc4e725c69630def4031c7db6f6..fcb75264fc1ac579afa7fb3474a4049eddd3a454 100644 (file)
@@ -351,6 +351,7 @@ aoev1_print(netdissect_options *ndo,
        if (len < AOEV1_COMMON_HDR_LEN)
                goto invalid;
        /* Flags */
+       ND_TCHECK2(*cp, 1);
        flags = *cp & 0x0F;
        ND_PRINT((ndo, ", Flags: [%s]", bittok2str(aoev1_flag_str, "none", flags)));
        cp += 1;
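
Review bot: the added ND_TCHECK2(*cp, 1) before the Flags fetch covers only that single octet, and the guard above it tests len against AOEV1_COMMON_HDR_LEN, which by itself does not show that the rest of the common header was captured. Please confirm that each read after cp += 1 has its own captured-length check, or, if cp still points at the start of the common header here, consider checking the whole header once with ND_TCHECK2(*cp, AOEV1_COMMON_HDR_LEN). The commit message says there is no test case yet; a capture truncated at the Flags octet would serve as a regression test for this path.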