| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This reverts commit a02c2faeec982d233a32b6db4df20ce817dd1563.
That zeroed out bits in the non-reserved portion of the field; the
reserved portion was already zero.
|
|
|
|
|
|
|
|
|
|
| |
For some reason pcap fuzzers just *love* to fuzz the "link-layer type
plus other stuff" part of the pcap file header. That can produce a file
that has non-zero values in reserved fields, which means it can get
rejected well before being handed to anything for dissection.
Clear out one of the reserved parts of that field, as we'll be changing
libpcap to check for non-zero values and reporting an error.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The packet length must be <= MAXIMUM_SNAPLEN.
Currently, there is no D-Bus printer, thus no need for a bigger length.
Now a pachet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.
Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
|
|
In RFC 1883, the Type 0 routing header had a 1-byte reserved field and a
3-byte strict/loose bit map; in RFC 2460, that changed to a 4-byte
reserved field.
This fixes a buffer over-read discovered by Brian 'geeknik' Carpenter (by
making an ND_TCHECK() call check for the presence in the captured data
of all 4 bytes of the reserved field; we were printing it as a 4-byte
field, so we needed to check for them).
Add a test using the capture file supplied by the reporter(s).
|