authorJacques Vidrine <nectar@FreeBSD.org>2002-07-12 13:31:44 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-07-12 13:31:44 +0000
commita9a49f739b3253eaf0c401a2507889ef81f5daac (patch)
tree7a4a83254b8f1282f8dc1a46909e603c002bc998
parentbf8ae2ab7c59d83df729943aeb3e675a35ff7d51 (diff)
MFC 1.6: Correct a buffer overflow when handling malformed NFS
packets.
Notes
Notes: svn path=/releng/4.4/; revision=99870
-rw-r--r--UPDATING3
-rw-r--r--contrib/tcpdump/interface.h12
2 files changed, 13 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 7ccc38761b5b..f7d08f92ac5f 100644
--- a/UPDATING
+++ b/UPDATING
@@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020712: p15 FreeBSD-SA-02:29.tcpdump
+ A buffer overflow in tcpdump has been corrected.
+
20020711: p15 FreeBSD-SA-02:30.ktrace
Prevent users from tracing previously privileged processes.
diff --git a/contrib/tcpdump/interface.h b/contrib/tcpdump/interface.h
index 2459764d7b69..af069cb2f2dc 100644
--- a/contrib/tcpdump/interface.h
+++ b/contrib/tcpdump/interface.h
@@ -132,8 +132,16 @@ extern int snaplen;
extern const u_char *packetp;
extern const u_char *snapend;
-/* True if "l" bytes of "var" were captured */
-#define TTEST2(var, l) ((u_char *)&(var) <= snapend - (l))
+/*
+ * True if "l" bytes of "var" were captured.
+ *
+ * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
+ * that "snapend - (l)" underflows.
+ *
+ * The check is for <= rather than < because "l" might be 0.
+ */
+#define TTEST2(var, l) (snapend - (l) <= snapend && \
+ (const u_char *)&(var) <= snapend - (l))
/* True if "var" was captured */
#define TTEST(var) TTEST2(var, sizeof(var))
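Review bot: The new guard `snapend - (l) <= snapend` in TTEST2 catches an oversized `l` only if the pointer subtraction wraps around, and forming a pointer that far before the captured buffer is undefined behaviour in C, so an optimizing compiler may treat the comparison as always true and drop the check. Comparing lengths instead of pointers avoids relying on wraparound: `#define TTEST2(var, l) ((const u_char *)&(var) <= snapend && \` followed by `(size_t)(l) <= (size_t)(snapend - (const u_char *)&(var)))`. That form also evaluates `l` once rather than twice, and a negative `l` converts to a very large size_t and fails the test. The comment above the macro would need updating to match, since its paragraph about "snapend - (l)" underflowing would no longer describe the code.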