aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--UPDATING3
-rw-r--r--contrib/tcpdump/interface.h12
2 files changed, 13 insertions, 2 deletions
diff --git a/UPDATING b/UPDATING
index 7ccc38761b5b..f7d08f92ac5f 100644
--- a/UPDATING
+++ b/UPDATING
@@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020712: p15 FreeBSD-SA-02:29.tcpdump
+ A buffer overflow in tcpdump has been corrected.
+
20020711: p15 FreeBSD-SA-02:30.ktrace
Prevent users from tracing previously privileged processes.
diff --git a/contrib/tcpdump/interface.h b/contrib/tcpdump/interface.h
index 2459764d7b69..af069cb2f2dc 100644
--- a/contrib/tcpdump/interface.h
+++ b/contrib/tcpdump/interface.h
@@ -132,8 +132,16 @@ extern int snaplen;
extern const u_char *packetp;
extern const u_char *snapend;
-/* True if "l" bytes of "var" were captured */
-#define TTEST2(var, l) ((u_char *)&(var) <= snapend - (l))
+/*
+ * True if "l" bytes of "var" were captured.
+ *
+ * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
+ * that "snapend - (l)" underflows.
+ *
+ * The check is for <= rather than < because "l" might be 0.
+ */
+#define TTEST2(var, l) (snapend - (l) <= snapend && \
+ (const u_char *)&(var) <= snapend - (l))
/* True if "var" was captured */
#define TTEST(var) TTEST2(var, sizeof(var))