Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/traceroute Fix incomplete extensions sanity checks
details: https://anonhg.NetBSD.org/src/rev/bd59f74f0919
branches: trunk
changeset: 756008:bd59f74f0919
user: kefren <kefren%NetBSD.org@localhost>
date: Fri Jul 02 12:13:11 2010 +0000
description:
Fix incomplete extensions sanity checks
diffstat:
usr.sbin/traceroute/traceroute.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diffs (47 lines):
diff -r 3a43e8fef6aa -r bd59f74f0919 usr.sbin/traceroute/traceroute.c
--- a/usr.sbin/traceroute/traceroute.c Fri Jul 02 11:38:20 2010 +0000
+++ b/usr.sbin/traceroute/traceroute.c Fri Jul 02 12:13:11 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: traceroute.c,v 1.74 2008/07/21 13:37:00 lukem Exp $ */
+/* $NetBSD: traceroute.c,v 1.75 2010/07/02 12:13:11 kefren Exp $ */
/*
* Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996, 1997
@@ -29,7 +29,7 @@
#else
__COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996, 1997\
The Regents of the University of California. All rights reserved.");
-__RCSID("$NetBSD: traceroute.c,v 1.74 2008/07/21 13:37:00 lukem Exp $");
+__RCSID("$NetBSD: traceroute.c,v 1.75 2010/07/02 12:13:11 kefren Exp $");
#endif
#endif
@@ -1128,7 +1128,8 @@
ip = (struct ip *)buf;
- if (ip_len <= sizeof(struct ip) + ICMP_EXT_OFFSET) {
+ if (ip_len < (ip->ip_hl << 2) + ICMP_EXT_OFFSET +
+ sizeof(struct icmp_ext_cmn_hdr)) {
/*
* No support for ICMP extensions on this host
*/
@@ -1166,16 +1167,15 @@
buf += sizeof(*cmn_hdr);
datalen -= sizeof(*cmn_hdr);
- while (datalen > 0) {
+ while (datalen >= sizeof(struct icmp_ext_obj_hdr)) {
obj_hdr = (struct icmp_ext_obj_hdr *)buf;
obj_len = ntohs(obj_hdr->length);
/*
* Sanity check the length field
*/
- if (obj_len > datalen) {
+ if (obj_len > datalen)
return;
- }
datalen -= obj_len;
Home |
Main Index |
Thread Index |
Old Index