]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd2dee7)
security patch from jonathan heusser:
authorhannes <hannes>
Wed, 18 Feb 2004 15:13:04 +0000 (15:13 +0000)
committerhannes <hannes>
Wed, 18 Feb 2004 15:13:04 +0000 (15:13 +0000)
addrtoname.c:getname() does not check its argument. Assuming the
argument is e.g. NULL
and the function is called leads to a segmentation fault in memcpy().
Which is problematic since it is heavily used, either as getname() or
ipaddr_string().

addrtoname.c patch | blob | history

diff --git a/addrtoname.c b/addrtoname.c
index 58da03296139ac1e3a802d2eacdb8b03d678678e..877735a8bff3df3608aff308ae962e438fd64374 100644 (file)
--- a/addrtoname.c
+++ b/addrtoname.c
@@ -23,7 +23,7 @@
  */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/addrtoname.c,v 1.96.2.4 2004-01-27 23:14:25 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/addrtoname.c,v 1.96.2.5 2004-02-18 15:13:04 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -203,6 +203,10 @@ getname(const u_char *ap)
        u_int32_t addr;
        static struct hnamemem *p;              /* static for longjmp() */
 
+       if(!TTEST2(*ap, sizeof(addr))) {
+               return NULL;
+       }
+
        memcpy(&addr, ap, sizeof(addr));
        p = &hnametable[addr & (HASHNAMESIZE-1)];
        for (; p->nxt; p = p->nxt) {
[mirror] the TCPdump network dissector