aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBill Fenner <fenner@FreeBSD.org>2001-07-09 01:44:37 +0000
committerBill Fenner <fenner@FreeBSD.org>2001-07-09 01:44:37 +0000
commitb68d3b22b2a05cc8be8b68a91e04529e539bff33 (patch)
tree4ca81298429b0e08b635df310cd30c1c091d6e6c
parent93a3746af7c5a204900c6b147d5137f6e30a7092 (diff)
downloadsrc-b68d3b22b2a05cc8be8b68a91e04529e539bff33.tar.gz
src-b68d3b22b2a05cc8be8b68a91e04529e539bff33.zip
Don't allow STROUT() to use a negative string length.
Use fn_print() and fn_printn() to print strings from the packet. Approved by: kris
Notes
Notes: svn path=/releng/4.3/; revision=79441
-rw-r--r--contrib/tcpdump/print-rx.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/contrib/tcpdump/print-rx.c b/contrib/tcpdump/print-rx.c
index ed5cca90709b..fde50345df04 100644
--- a/contrib/tcpdump/print-rx.c
+++ b/contrib/tcpdump/print-rx.c
@@ -580,14 +580,16 @@ rx_cache_find(const struct rx_header *rxh, const struct ip *ip, int sport,
printf(" fid %d/%d/%d", (int) n1, (int) n2, (int) n3); \
}
-#define STROUT(MAX) { int i; \
+#define STROUT(MAX) { unsigned int i; \
TRUNC(sizeof(int32_t)); \
- i = (int) ntohl(*((int *) bp)); \
+ i = ntohl(*((int *) bp)); \
+ if (i > MAX) \
+ goto trunc; \
bp += sizeof(int32_t); \
- TRUNC(i); \
- strncpy(s, bp, min(MAX, i)); \
- s[i] = '\0'; \
- printf(" \"%s\"", s); \
+ printf(" \""); \
+ if (fn_printn(bp, i, snapend)) \
+ goto trunc; \
+ printf("\""); \
bp += ((i + sizeof(int32_t) - 1) / sizeof(int32_t)) * sizeof(int32_t); \
}
@@ -672,7 +674,9 @@ rx_cache_find(const struct rx_header *rxh, const struct ip *ip, int sport,
bp += sizeof(int32_t); \
} \
s[MAX] = '\0'; \
- printf(" \"%s\"", s); \
+ printf(" \""); \
+ fn_print(s, NULL); \
+ printf("\""); \
}
/*
@@ -954,7 +958,9 @@ acl_print(u_char *s, int maxsize, u_char *end)
if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
goto finish;
s += n;
- printf(" +{%s ", user);
+ printf(" +{");
+ fn_print(user, NULL);
+ printf(" ");
ACLOUT(acl);
printf("}");
if (s > end)
@@ -965,7 +971,9 @@ acl_print(u_char *s, int maxsize, u_char *end)
if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
goto finish;
s += n;
- printf(" -{%s ", user);
+ printf(" -{");
+ fn_print(user, NULL);
+ printf(" ");
ACLOUT(acl);
printf("}");
if (s > end)