diff options
author | Guy Harris <guy@alum.mit.edu> | 2015-07-03 15:54:14 -0700 |
---|---|---|
committer | Francois-Xavier Le Bail <fx.lebail@yahoo.com> | 2017-01-18 09:16:36 +0100 |
commit | 6bc44295cfbe1f7b6633c755841518f4b159aa8a (patch) | |
tree | 859fda193d4664cfce2892e3c3c219847ada789b /print-ipfc.c | |
parent | 237efcf593ee369519e9dfdc9166702219dabfec (diff) | |
download | tcpdump-6bc44295cfbe1f7b6633c755841518f4b159aa8a.tar.gz |
CVE-2016-7985,7986/Change the way protocols print link-layer addresses.
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.
Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.
Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
Diffstat (limited to 'print-ipfc.c')
-rw-r--r-- | print-ipfc.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/print-ipfc.c b/print-ipfc.c index fc204652..b8a08e96 100644 --- a/print-ipfc.c +++ b/print-ipfc.c @@ -93,6 +93,7 @@ ipfc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { const struct ipfc_header *ipfcp = (const struct ipfc_header *)p; struct ether_header ehdr; + struct lladdr_info src, dst; int llc_hdrlen; if (caplen < IPFC_HDRLEN) { @@ -107,13 +108,18 @@ ipfc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) if (ndo->ndo_eflag) ipfc_hdr_print(ndo, ipfcp, length, ESRC(&ehdr), EDST(&ehdr)); + src.addr = ESRC(&ehdr); + src.addr_string = etheraddr_string; + dst.addr = EDST(&ehdr); + dst.addr_string = etheraddr_string; + /* Skip over Network_Header */ length -= IPFC_HDRLEN; p += IPFC_HDRLEN; caplen -= IPFC_HDRLEN; /* Try to print the LLC-layer header & higher layers */ - llc_hdrlen = llc_print(ndo, p, length, caplen, ESRC(&ehdr), EDST(&ehdr)); + llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst); if (llc_hdrlen < 0) { /* * Some kinds of LLC packet we cannot |