Severity: critical
traceroute6.c
693 * Convert an ICMP "type" field to a printable string.
694 */
695 char * pr_type(unsigned char t)
696 {
...
705 static char *ttab2[] = {
706 "Echo Reply",
707 "Echo Request",
708 "Membership Query",
709 "Membership Report",
710 "Membership Reduction",
711 };
...
718 if (t >= 128 && t <= 132)
719 {
720 return (ttab2[t]);
721 }
...Can somebody PLEASE explain the author of the code that C arrays are 0 based and not based at 128? C != Java. Thank you. To just make it clear for people who can't read C: when t=128 then ttab2[t] is actually ttab2[128] and that causes a nice segfault. As such one only needs to send a ICMPv6 Echo Reply/Request or one of the MLD's and it will crash. Want to deny somebody from traceroute6's just send those packets. Greets, Jeroen
signature.asc
Description: OpenPGP digital signature
