From: Guy Harris
Date: Fri, 3 Jul 2015 19:05:26 +0000 (-0700)
Subject: CVE-2016-7925/Add more bounds checks.
X-Git-Tag: tcpdump-4.9.0-bp~105
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/c4744fc29aefea62ab751d50d5e4743c3065ef5f?ds=sidebyside

CVE-2016-7925/Add more bounds checks.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
---
diff --git a/print-sl.c b/print-sl.c
index ec81608b..3fd7e898 100644
--- a/print-sl.c
+++ b/print-sl.c
@@ -68,6 +68,7 @@ sl_if_print(netdissect_options *ndo,
 return (caplen);
 }
+ caplen -= SLIP_HDRLEN;
 length -= SLIP_HDRLEN;
 ip = (const struct ip *)(p + SLIP_HDRLEN);
@@ -75,6 +76,11 @@ sl_if_print(netdissect_options *ndo,
 if (ndo->ndo_eflag)
 sliplink_print(ndo, p, ip, length);
+ if (caplen < 1 || length < 1) {
+ ND_PRINT((ndo, "%s", tstr));
+ return (caplen + SLIP_HDRLEN);
+ }
+
 switch (IP_V(ip)) {
 case 4:
 ip_print(ndo, (const u_char *)ip, length);
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 4f13b62e..241dc91b 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -373,3 +373,4 @@ heap-overflow-2 heap-overflow-2.pcap heap-overflow-2.out -t -v -n
 heapoverflow-atalk_print heapoverflow-atalk_print.pcap heapoverflow-atalk_print.out -t -v -n
 heapoverflow-EXTRACT_16BITS heapoverflow-EXTRACT_16BITS.pcap heapoverflow-EXTRACT_16BITS.out -t -v -n
 heapoverflow-ppp_hdlc_if_print heapoverflow-ppp_hdlc_if_print.pcap heapoverflow-ppp_hdlc_if_print.out -t -v -n
+heapoverflow-sl_if_print heapoverflow-sl_if_print.pcap heapoverflow-sl_if_print.out -t -v -n
diff --git a/tests/heapoverflow-sl_if_print.out b/tests/heapoverflow-sl_if_print.out
new file mode 100644
index 00000000..4ddcf523
--- /dev/null
+++ b/tests/heapoverflow-sl_if_print.out
@@ -0,0 +1 @@
+[|slip]
diff --git a/tests/heapoverflow-sl_if_print.pcap b/tests/heapoverflow-sl_if_print.pcap
new file mode 100644
index 00000000..4541b1d4
Binary files /dev/null and b/tests/heapoverflow-sl_if_print.pcap differ
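Review bot: The new `caplen < 1 || length < 1` guard in the second print-sl.c hunk sits after the `if (ndo->ndo_eflag) sliplink_print(ndo, p, ip, length);` call, so with -e the link-level printer is still handed `ip` — which points exactly at the end of the captured bytes when the subtraction in the first hunk leaves caplen at 0 — before the check runs. If sliplink_print reads through `ip` (its body is outside these hunks, so this is inferred), that path stays unguarded by this commit; moving the check up so it directly follows `ip = (const struct ip *)(p + SLIP_HDRLEN);` in the first hunk would cover both the -e path and the switch with one test. As written the guard only guarantees the single byte that `IP_V(ip)` reads, which is sufficient for the switch provided the per-version printers do their own bounds checking; a one-line comment such as `/* IP_V() needs one byte of IP header; ip_print()/ip6_print() check the rest */` would make that division of responsibility explicit. The body of sl_if_print begins before the first hunk and continues past the second.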