Source-Changes-HG archive


[src/netbsd-1-5]: src/usr.sbin/tcpdump Apply patch (requested by itojun):



details:   https://anonhg.NetBSD.org/src/rev/e3c9669bbbd7
branches:  netbsd-1-5
changeset: 493124:e3c9669bbbd7
user:      he <he%NetBSD.org@localhost>
date:      Thu Jun 06 20:01:35 2002 +0000

description:
Apply patch (requested by itojun):
  Plug buffer overrun during NFS decoding.
Diff is from dist/tcpdump/print-nfs.c revisions 1.5-1.6

diffstat:

 usr.sbin/tcpdump/print-nfs.c |  56 ++++++++++++++++++++++++++++---------------
 1 files changed, 36 insertions(+), 20 deletions(-)

diffs (172 lines):

diff -r a975edd217d2 -r e3c9669bbbd7 usr.sbin/tcpdump/print-nfs.c
--- a/usr.sbin/tcpdump/print-nfs.c      Thu Jun 06 20:01:11 2002 +0000
+++ b/usr.sbin/tcpdump/print-nfs.c      Thu Jun 06 20:01:35 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: print-nfs.c,v 1.11.2.1 2000/07/17 23:15:23 enami Exp $ */
+/*     $NetBSD: print-nfs.c,v 1.11.2.2 2002/06/06 20:01:35 he Exp $    */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -27,7 +27,7 @@
 static const char rcsid[] =
     "@(#) Header: print-nfs.c,v 1.65 97/08/17 13:24:22 leres Exp  (LBL)";
 #else
-__RCSID("$NetBSD: print-nfs.c,v 1.11.2.1 2000/07/17 23:15:23 enami Exp $");
+__RCSID("$NetBSD: print-nfs.c,v 1.11.2.2 2002/06/06 20:01:35 he Exp $");
 #endif
 #endif
 
@@ -675,10 +675,16 @@
 
        case NFSPROC_FSINFO:
                printf(" fsinfo");
+               if ((dp = parsereq(rp, length)) != NULL &&
+                   parsefh(dp, v3) != NULL)
+                       return;
                break;
 
        case NFSPROC_PATHCONF:
                printf(" pathconf");
+               if ((dp = parsereq(rp, length)) != NULL &&
+                   parsefh(dp, v3) != NULL)
+                       return;
                break;
 
        case NFSPROC_COMMIT:
@@ -715,9 +721,10 @@
 {
        my_fsid fsid;
        ino_t ino;
-       char *sfsname = NULL;
-
-       Parse_fh((caddr_t*)dp, len, &fsid, &ino, NULL, &sfsname, 0);
+       const char *sfsname = NULL;
+       char *spacep;
+  
+       Parse_fh((const u_char *)dp, len, &fsid, &ino, NULL, &sfsname, 0);
 
        if (sfsname) {
                /* file system ID is ASCII, not numeric, for this server OS */
@@ -727,9 +734,9 @@
                strncpy(temp, sfsname, NFSX_V3FHMAX);
                temp[sizeof(temp) - 1] = '\0';
                /* Remove trailing spaces */
-               sfsname = strchr(temp, ' ');
-               if (sfsname)
-                       *sfsname = 0;
+               spacep = strchr(temp, ' ');
+               if (spacep)
+                       *spacep = '\0';
 
                (void)printf(" fh %s/", temp);
        } else {
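Review bot: The copy into `temp` is bounded by `NFSX_V3FHMAX` while the terminator is written at `sizeof(temp) - 1`, so the two only agree if `temp` is declared with at least `NFSX_V3FHMAX` bytes; that declaration lies between this hunk and the previous one and is not visible here. Tying the bound to the destination, `strncpy(temp, sfsname, sizeof(temp) - 1);`, removes that dependency. The comment `/* Remove trailing spaces */` also understates what `strchr(temp, ' ')` does, which is cut the name at the first space; `/* Cut at the first space; the name is space-padded */` would match the code, assuming the padding is the reason. The enclosing function starts and ends outside the hunk.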
@@ -981,7 +988,6 @@
                if (!qflag)
                        printf(" ERROR: %s", pcap_strerror(errnum));
                nfserr = 1;
-               return (NULL);
        }
        return (dp + 1);
 trunc:
@@ -1063,8 +1069,10 @@
        int er;
 
        dp = parsestatus(dp, &er);
-       if (dp == NULL || er)
+       if (dp == NULL)
                return (0);
+       if (er)
+               return (1);
 
        return (parsefattr(dp, verbose, v3) != NULL);
 }
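Review bot: The return convention of these reply parsers changes here without a comment: a server error status (`er` set) now returns 1, and 0 is left for the case where `parsestatus()` gave back `NULL`, presumably a truncated reply. The same split is made in the hunks at 1074, 1090, 1105 and 1159, and the hunks at 1333 and 1363 swap their `return (1)` and `return (0)` to agree with it, so any caller outside this diff that tests these results has to follow the new meaning. A header comment on each function, for example `/* Returns 1 if the reply was decoded (including an NFS error status), 0 if it was truncated. */`, would keep the two cases from being merged again. The function's signature is outside the hunk.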
@@ -1074,8 +1082,10 @@
 {
        int er;
 
-       if (!(dp = parsestatus(dp, &er)) || er)
+       if (!(dp = parsestatus(dp, &er)))
                return (0);
+       if (er)
+               return (1);
 
        dp = parsefh(dp, 0);
        if (dp == NULL)
@@ -1090,8 +1100,10 @@
        int er;
 
        dp = parsestatus(dp, &er);
-       if (dp == NULL || er)
+       if (dp == NULL)
                return(0);
+       if (er)
+               return(1);
        if (v3 && !(dp = parse_post_op_attr(dp, vflag)))
                return (0);
        putchar(' ');
@@ -1105,8 +1117,10 @@
        int er;
 
        dp = parsestatus(dp, &er);
-       if (dp == NULL || (!v3 && er))
+       if (dp == NULL)
                return (0);
+       if (!v3 && er)
+               return (1);
 
        if (qflag)
                return(1);
@@ -1118,7 +1132,7 @@
                        return (0);
        }
 
-       TCHECK2(dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
+       TCHECK2(*dp, (v3 ? NFSX_V3STATFS : NFSX_V2STATFS));
 
        sfsp = (const struct nfs_statfs *)dp;
 
@@ -1159,8 +1173,10 @@
        int er;
 
        dp = parsestatus(dp, &er);
-       if (dp == 0 || er)
+       if (dp == NULL)
                return (0);
+       if (er)
+               return (1);
        if (qflag)
                return (1);
 
@@ -1196,7 +1212,7 @@
        if (!ntohl(dp[0]))
                return (dp + 1);
        dp++;
-       TCHECK2(dp, 24);
+       TCHECK2(*dp, 24);
        if (verbose > 1) {
                return parse_wcc_attr(dp);
        } else {
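Review bot: `ntohl(dp[0])` is read two lines before the `TCHECK2(*dp, 24)` bounds check, and nothing in the hunk shows that `dp[0]` itself was checked against the end of the captured data; the function starts above the hunk, so a check may already be there. If it is not, `TCHECK(dp[0]);` belongs before the `if (!ntohl(dp[0]))` test, since the commit's stated purpose is to stop reads past the buffer during NFS decoding. The literal `24` would also read better with a comment such as `/* wcc_attr: size, mtime, ctime, 8 bytes each */`, if that is what it covers.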
@@ -1333,9 +1349,9 @@
                       (u_int32_t) ntohl(sfp->fs_timedelta.nfsv3_sec),
                       (u_int32_t) ntohl(sfp->fs_timedelta.nfsv3_nsec));
        }
-       return (0);
+       return (1);
 trunc:
-       return (1);
+       return (0);
 }
 
 static int
@@ -1363,9 +1379,9 @@
               ntohl(spp->pc_chownrestricted) ? "chownres" : "",
               ntohl(spp->pc_caseinsensitive) ? "igncase" : "",
               ntohl(spp->pc_casepreserving) ? "keepcase" : "");
-       return (0);
+       return (1);
 trunc:
-       return (1);
+       return (0);
 }
 
 static void


