tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: getname() vulnerabilitiy

From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 24 Mar 2004 10:11:33 -0500
-----BEGIN PGP SIGNED MESSAGE-----



"Guy" == Guy Harris <guy () alum mit edu> writes:

    >> addrtoname.c:getname() does not check its argument.

    Guy> It can't - it's not always passed a pointer to data in the packet.

    Guy> I've gone through the code looking for calls to "getname()" or 
    Guy> "ipaddr_string()", and added to the print routines the
    Guy> appropriate bounds 
    Guy> checks (which is better than checking in "getname()", as that
    Guy> means that I 

  okay, will you pull these up to the 3.8 branch so we can release 3.8.2
on Monday?

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQGGlI4qHRg3pndX9AQG8lgQAtT+KtBszYR+s9tKc42Q8gc1m/2gLp/Ri
WFk+2XwCn92N6a6toS/TFcTbQYPe5B51fTJF7uyEhDJ9Q9qg97sKVmimLpirha9G
4WehL5ZmywU5U6D4+OcXtCV+T+H3d6fwIGQ+AYLjAa6lcL5VkOW5STEKHI1gsb7L
4V1T77toPu4=
=XLRk
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: