-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | contrib/tcpdump/interface.h | 12 |
2 files changed, 13 insertions, 2 deletions
@@ -18,6 +18,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section.
+20020712: p15 FreeBSD-SA-02:29.tcpdump
+ A buffer overflow in tcpdump has been corrected.
+
 20020711: p15 FreeBSD-SA-02:30.ktrace
 Prevent users from tracing previously privileged processes.
diff --git a/contrib/tcpdump/interface.h b/contrib/tcpdump/interface.h
index 2459764d7b69..af069cb2f2dc 100644
--- a/contrib/tcpdump/interface.h
+++ b/contrib/tcpdump/interface.h
@@ -132,8 +132,16 @@ extern int snaplen;
 extern const u_char *packetp;
 extern const u_char *snapend;
-/* True if "l" bytes of "var" were captured */
-#define TTEST2(var, l) ((u_char *)&(var) <= snapend - (l))
+/*
+ * True if "l" bytes of "var" were captured.
+ *
+ * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
+ * that "snapend - (l)" underflows.
+ *
+ * The check is for <= rather than < because "l" might be 0.
+ */
+#define TTEST2(var, l) (snapend - (l) <= snapend && \
+ (const u_char *)&(var) <= snapend - (l))
 /* True if "var" was captured */
 #define TTEST(var) TTEST2(var, sizeof(var)) |
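Review bot: The added `snapend - (l) <= snapend` guard in TTEST2 only works if the pointer subtraction wraps around, but forming a pointer before the start of the capture buffer is undefined behaviour in C, so an optimising compiler may treat the comparison as always true and remove it. Comparing lengths avoids computing an out-of-range pointer at all: `#define TTEST2(var, l) ((const u_char *)&(var) <= snapend && (size_t)(l) <= (size_t)(snapend - (const u_char *)&(var)))`; doing the existing arithmetic on `uintptr_t` values would be the smaller change. The macro also expands `l` more than once, so its comment should state that callers must pass an expression without side effects. Whether any call site can pass a negative `l` is not visible in this hunk and is worth confirming, since the new comment only discusses the "too large" case.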