tcpdump mailing list archives
[PATCH] print-olsr: Don't trust the package payload.
From: Florian Forster <tcpdump () nospam verplant org>
Date: Sat, 16 May 2009 13:01:52 +0200
From: Florian Forster <octo () leeloo lan home verplant org> Especially not to do pointer arithmetic. This is a real problem even without malicious people around if you use OLSR via IPv6, because the message IDs didn't change but addresses are now longer than four bytes. Signed-off-by: Florian Forster <octo () leeloo lan home verplant org> --- print-olsr.c | 13 +++++++++++-- 1 files changed, 11 insertions(+), 2 deletions(-) diff --git a/print-olsr.c b/print-olsr.c index 54709b7..4147619 100644 --- a/print-olsr.c +++ b/print-olsr.c @@ -286,6 +286,7 @@ olsr_print (const u_char *pptr, u_int length) msg_tlen -= sizeof(struct olsr_hello); while (msg_tlen >= sizeof(struct olsr_hello_link)) { + int hello_len_valid = 0; /* * link-type. @@ -299,10 +300,18 @@ olsr_print (const u_char *pptr, u_int length) link_type = OLSR_EXTRACT_LINK_TYPE(ptr.hello_link->link_code); neighbor_type = OLSR_EXTRACT_NEIGHBOR_TYPE(ptr.hello_link->link_code); - printf("\n\t link-type %s, neighbor-type %s, len %u", + if ((hello_len <= msg_tlen) + && (hello_len >= sizeof(struct olsr_hello_link))) + hello_len_valid = 1; + + printf("\n\t link-type %s, neighbor-type %s, len %u%s", tok2str(olsr_link_type_values, "Unknown", link_type), tok2str(olsr_neighbor_type_values, "Unknown", neighbor_type), - hello_len); + hello_len, + (hello_len_valid == 0) ? " (invalid)" : ""); + + if (hello_len_valid == 0) + break; msg_data += sizeof(struct olsr_hello_link); msg_tlen -= sizeof(struct olsr_hello_link); -- 1.6.2.4 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- [PATCH] print-olsr: Don't trust the package payload. Florian Forster (May 16)
- [PATCH 1/2] util.c: Add the `mask62plen' utility function. Florian Forster (May 16)
- [PATCH 2/2] print-olsr: Add basic IPv6 support. Florian Forster (May 16)
- Re: [PATCH 2/2] print-olsr: Add basic IPv6 support. Guy Harris (May 21)
- Re: [PATCH 1/2] util.c: Add the `mask62plen' utility function. Guy Harris (May 21)
- [PATCH 2/2] print-olsr: Add basic IPv6 support. Florian Forster (May 16)
- Re: [PATCH] print-olsr: Don't trust the package payload. Guy Harris (May 21)
- [PATCH 1/2] util.c: Add the `mask62plen' utility function. Florian Forster (May 16)