tcpdump mailing list archives
Re: getname() vulnerabilitiy
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 24 Mar 2004 10:11:33 -0500
-----BEGIN PGP SIGNED MESSAGE-----
"Guy" == Guy Harris <guy () alum mit edu> writes:
>> addrtoname.c:getname() does not check its argument. Guy> It can't - it's not always passed a pointer to data in the packet. Guy> I've gone through the code looking for calls to "getname()" or Guy> "ipaddr_string()", and added to the print routines the Guy> appropriate bounds Guy> checks (which is better than checking in "getname()", as that Guy> means that I okay, will you pull these up to the 3.8 branch so we can release 3.8.2 on Monday? - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQGGlI4qHRg3pndX9AQG8lgQAtT+KtBszYR+s9tKc42Q8gc1m/2gLp/Ri WFk+2XwCn92N6a6toS/TFcTbQYPe5B51fTJF7uyEhDJ9Q9qg97sKVmimLpirha9G 4WehL5ZmywU5U6D4+OcXtCV+T+H3d6fwIGQ+AYLjAa6lcL5VkOW5STEKHI1gsb7L 4V1T77toPu4= =XLRk -----END PGP SIGNATURE----- - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- getname() vulnerabilitiy Jonathan Heusser (Feb 13)
- Re: getname() vulnerabilitiy Guy Harris (Mar 23)
- Re: getname() vulnerabilitiy Michael Richardson (Mar 24)
- Re: getname() vulnerabilitiy Guy Harris (Mar 24)
- Re: getname() vulnerabilitiy Michael Richardson (Mar 24)
- Re: getname() vulnerabilitiy Guy Harris (Mar 23)