tcpdump mailing list archives

Re: reg: download


From: Guy Harris <guy () alum mit edu>
Date: Tue, 20 Jan 2004 12:01:51 -0800


On Jan 20, 2004, at 10:50 AM, Michael Richardson wrote:

    "kanch@gmx" == kanch@gmx net <pkkanchana () gmx net> writes:
    kanch@gmx> code. so plan to edit current 3.8.1 by comparing with cvs source.

    kanch@gmx> Is there only following file changes?
    kanch@gmx>     like in print-isakmp.c, print-radius.c

  3.8.1 has the latest fixes already.
  What makes you think otherwise?

% cvs log print-isakmp.c

                        ...

symbolic names:
        tcpdump_3_8rel1: 1.36.2.5
        tcpdump_3_8: 1.36.0.2
        tcpdump_3_8_bp: 1.36

                        ...

revision 1.36.2.6
date: 2004/01/07 07:53:17;  author: hannes;  state: Exp;  lines: +9 -1
bugfix from Jonathan Heusser <jonny () drugphish ch>

  The first critical piece of code is found in print-isakmp.c:332. The
  function rawprint() does not check its arguments thus it's easy for
  an attacker to pass a big 'len' or a bogus 'loc' leading to a
  segmentation fault in the for loop.

  The second bug is located in print-radius.c:471. The for loop of
  print_attr_string() is written in an unsafe manner. 'length'
  and 'data' should be checked.

                        ...

I.e., 3.8.1 has revision 1.36.2.5 of print-isakmp.c, which doesn't have Jonathan Heusser's fixes. As those were checked in with the print-radius.c fixes, presumably those are also not in 3.8.1.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
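The check done by hand in the message above (is the revision that carries a fix an ancestor of the revision a release tag points to?), as an added example that is not part of the original message or of tcpdump. The function names are hypothetical, the sample input is the `cvs log` excerpt quoted in the message, and the ancestor rule assumes standard CVS dotted revision numbering with the fix committed directly on the tagged line of development.

```python
import re

# Excerpt of `cvs log print-isakmp.c` as quoted in the message (elided parts omitted).
CVS_LOG = """\
symbolic names:
        tcpdump_3_8rel1: 1.36.2.5
        tcpdump_3_8: 1.36.0.2
        tcpdump_3_8_bp: 1.36

revision 1.36.2.6
date: 2004/01/07 07:53:17;  author: hannes;  state: Exp;  lines: +9 -1
bugfix from Jonathan Heusser <jonny () drugphish ch>
"""

def parse_rev(text):
    """'1.36.2.5' -> (1, 36, 2, 5)"""
    return tuple(int(p) for p in text.split("."))

def symbolic_names(log):
    """Map each tag in the 'symbolic names:' block to its revision tuple."""
    tags, in_block = {}, False
    for line in log.splitlines():
        if line.startswith("symbolic names:"):
            in_block = True
        elif in_block:
            m = re.match(r"\s+(\S+):\s+([\d.]+)$", line)
            if not m:          # first non-tag line ends the block
                break
            tags[m.group(1)] = parse_rev(m.group(2))
    return tags

def is_branch_tag(rev):
    # CVS records branch tags with a "magic" 0 as the second-to-last component.
    return len(rev) >= 4 and rev[-2] == 0

def tag_contains(tag_rev, fix_rev):
    """True if fix_rev is tag_rev itself or one of its ancestors."""
    if is_branch_tag(tag_rev):
        raise ValueError("branch tag names a moving branch, not a fixed revision")
    n = len(fix_rev)
    # Same line of development up to the last component, and not newer than the tag.
    return (n <= len(tag_rev)
            and fix_rev[:-1] == tag_rev[:n - 1]
            and fix_rev[-1] <= tag_rev[n - 1])

def release_has_fix(log, tag, fix):
    return tag_contains(symbolic_names(log)[tag], parse_rev(fix))

if __name__ == "__main__":
    print(release_has_fix(CVS_LOG, "tcpdump_3_8rel1", "1.36.2.6"))
```

A `False` result only shows the fix revision is not on the tagged file's history; a fix back-ported under a different revision number would need to be checked by diffing the code.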

