tcpdump mailing list archives

[PATCH] print-olsr: Don't trust the package payload.


From: Florian Forster <tcpdump () nospam verplant org>
Date: Sat, 16 May 2009 13:01:52 +0200

From: Florian Forster <octo () leeloo lan home verplant org>

Especially not to do pointer arithmetic.

This is a real problem even without malicious people around if you use
OLSR via IPv6, because the message IDs didn't change but addresses are
now longer than four bytes.

Signed-off-by: Florian Forster <octo () leeloo lan home verplant org>
---
 print-olsr.c |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/print-olsr.c b/print-olsr.c
index 54709b7..4147619 100644
--- a/print-olsr.c
+++ b/print-olsr.c
@@ -286,6 +286,7 @@ olsr_print (const u_char *pptr, u_int length)
             msg_tlen -= sizeof(struct olsr_hello);
 
             while (msg_tlen >= sizeof(struct olsr_hello_link)) {
+                int hello_len_valid = 0;
 
                 /*
                  * link-type.
@@ -299,10 +300,18 @@ olsr_print (const u_char *pptr, u_int length)
                 link_type = OLSR_EXTRACT_LINK_TYPE(ptr.hello_link->link_code);
                 neighbor_type = OLSR_EXTRACT_NEIGHBOR_TYPE(ptr.hello_link->link_code);
 
-                printf("\n\t    link-type %s, neighbor-type %s, len %u",
+                if ((hello_len <= msg_tlen)
+                        && (hello_len >= sizeof(struct olsr_hello_link)))
+                    hello_len_valid = 1;
+
+                printf("\n\t    link-type %s, neighbor-type %s, len %u%s",
                        tok2str(olsr_link_type_values, "Unknown", link_type),
                        tok2str(olsr_neighbor_type_values, "Unknown", neighbor_type),
-                       hello_len);
+                       hello_len,
+                       (hello_len_valid == 0) ? " (invalid)" : "");
+
+                if (hello_len_valid == 0)
+                    break;
 
                 msg_data += sizeof(struct olsr_hello_link);
                 msg_tlen -= sizeof(struct olsr_hello_link);
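Review bot: the new test on hello_len in this hunk bounds it only by msg_tlen, and the visible context does not show msg_tlen being checked against the bytes actually captured. If msg_tlen comes from a length field in the packet, the loop still relies on an untrusted value, so confirm that a capture-length check precedes the loop or add one before ptr.hello_link->link_code is read. The break on an invalid length also leaves msg_data and msg_tlen unadvanced, so the code after the while loop should not assume the HELLO body was consumed. The commit message names IPv6 address size as the trigger, but the hunk does not change how addresses are sized. A short comment above the test, saying it only stops the walk on an inconsistent length, would keep readers from assuming that OLSR over IPv6 is now decoded correctly.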
-- 
1.6.2.4

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

