diff options
author | Denis Ovsienko <denis@ovsienko.info> | 2017-01-12 10:09:34 +0000 |
---|---|---|
committer | Francois-Xavier Le Bail <fx.lebail@yahoo.com> | 2017-01-18 09:16:41 +0100 |
commit | c39c1d99ac3b6d5d9519b39da6717180651650d3 (patch) | |
tree | 9a68359cfb9c57c3b8c7f28c76c82fc9178a26ab /print-fr.c | |
parent | 857ec6e800ec772f5a6b9f76268d189d70f000b6 (diff) | |
download | tcpdump-c39c1d99ac3b6d5d9519b39da6717180651650d3.tar.gz |
CVE-2017-5482/Q.933: add a missing bounds check
Brian Carpenter had found that regardless of CVE-2016-8575 q933_print()
still could overread the buffer trying to parse a short packet. This
change fixes the problem.
Diffstat (limited to 'print-fr.c')
-rw-r--r-- | print-fr.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -906,6 +906,7 @@ q933_print(netdissect_options *ndo, ND_PRINT((ndo, "%s, codeset %u", is_ansi ? "ANSI" : "CCITT", codeset)); if (call_ref_length != 0) { + ND_TCHECK(p[0]); if (call_ref_length > 1 || p[0] != 0) { /* * Not a dummy call reference. |