Severity: critical traceroute6.c 693 * Convert an ICMP "type" field to a printable string. 694 */ 695 char * pr_type(unsigned char t) 696 { ... 705 static char *ttab2[] = { 706 "Echo Reply", 707 "Echo Request", 708 "Membership Query", 709 "Membership Report", 710 "Membership Reduction", 711 }; ... 718 if (t >= 128 && t <= 132) 719 { 720 return (ttab2[t]); 721 } ...
Can somebody PLEASE explain the author of the code that C arrays are 0 based and not based at 128? C != Java. Thank you. To just make it clear for people who can't read C: when t=128 then ttab2[t] is actually ttab2[128] and that causes a nice segfault. As such one only needs to send a ICMPv6 Echo Reply/Request or one of the MLD's and it will crash. Want to deny somebody from traceroute6's just send those packets. Greets, Jeroen
signature.asc
Description: OpenPGP digital signature