From: Guy Harris Date: Thu, 24 May 2018 19:11:09 +0000 (-0700) Subject: Cast dport and sport to u_int before shifting them. X-Git-Tag: tcpdump-4.9.3~117 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/6f454b2bd29148bc439ca192cd886f2a6abd5ad4 Cast dport and sport to u_int before shifting them. The result of the expression is ultimately going to be put into a u_int; cast them to u_int so that we'll be shifting unsigned values left rather than int values, to avoid undefined behavior. This should fix GitHub issue #681. (cherry picked from commit cde392ab16d1de6b88f6b70dca6ddd4b83d8b525) --- diff --git a/print-tcp.c b/print-tcp.c index 31630376..b80a2f26 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -267,11 +267,11 @@ tcp_print(netdissect_options *ndo, if (rev) { UNALIGNED_MEMCPY(&tha.src, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.dst, src, sizeof ip6->ip6_src); - tha.port = dport << 16 | sport; + tha.port = ((u_int)dport) << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, dst, sizeof ip6->ip6_dst); UNALIGNED_MEMCPY(&tha.src, src, sizeof ip6->ip6_src); - tha.port = sport << 16 | dport; + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE]; @@ -318,11 +318,11 @@ tcp_print(netdissect_options *ndo, if (rev) { UNALIGNED_MEMCPY(&tha.src, &ip->ip_dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.dst, &ip->ip_src, sizeof ip->ip_src); - tha.port = dport << 16 | sport; + tha.port = ((u_int)dport) << 16 | sport; } else { UNALIGNED_MEMCPY(&tha.dst, &ip->ip_dst, sizeof ip->ip_dst); UNALIGNED_MEMCPY(&tha.src, &ip->ip_src, sizeof ip->ip_src); - tha.port = sport << 16 | dport; + tha.port = ((u_int)sport) << 16 | dport; } for (th = &tcp_seq_hash[tha.port % TSEQ_HASHSIZE];