dist

Cy Schubert Wed, 18 Dec 2019 16:12:08 -0800

Author: cy
Date: Thu Dec 19 00:11:18 2019
New Revision: 355890
URL: https://svnweb.freebsd.org/changeset/base/355890


Log:
  Fix libpcap issue #893: check for invalid IPv4 addresses.
  
  This fixes errors such as:
  
  tcpdump -i lagg0 net 999.999.999.999
  
  This was originally discovered on a Red Hat 7.7 server and verified
  to also be a bug on FreeBSD.
  
  Obtained from:        https://github.com/the-tcpdump-group/libpcap/commit/ \
                07070918d5e81a515315b395f334e52589fe0fb
  Fixed by:     https://github.com/guyharris

Modified:
  vendor/libpcap/dist/gencode.c
  vendor/libpcap/dist/nametoaddr.c

Modified: vendor/libpcap/dist/gencode.c
==============================================================================
--- vendor/libpcap/dist/gencode.c       Wed Dec 18 23:00:56 2019        
(r355889)
+++ vendor/libpcap/dist/gencode.c       Thu Dec 19 00:11:18 2019        
(r355890)
@@ -6955,11 +6955,15 @@ gen_mcode(compiler_state_t *cstate, const char *s1, co
                return (NULL);
 
        nlen = __pcap_atoin(s1, &n);
+       if (nlen < 0)
+               bpf_error(cstate, "invalid IPv4 address '%s'", s1);
        /* Promote short ipaddr */
        n <<= 32 - nlen;
 
        if (s2 != NULL) {
                mlen = __pcap_atoin(s2, &m);
+               if (mlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s2);
                /* Promote short ipaddr */
                m <<= 32 - mlen;
                if ((n & ~m) != 0)
@@ -7017,8 +7021,11 @@ gen_ncode(compiler_state_t *cstate, const char *s, bpf
                vlen = __pcap_atodn(s, &v);
                if (vlen == 0)
                        bpf_error(cstate, "malformed decnet address '%s'", s);
-       } else
+       } else {
                vlen = __pcap_atoin(s, &v);
+               if (vlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s);
+       }
 
        switch (q.addr) {
 

Modified: vendor/libpcap/dist/nametoaddr.c
==============================================================================
--- vendor/libpcap/dist/nametoaddr.c    Wed Dec 18 23:00:56 2019        
(r355889)
+++ vendor/libpcap/dist/nametoaddr.c    Thu Dec 19 00:11:18 2019        
(r355890)
@@ -653,8 +653,15 @@ __pcap_atoin(const char *s, bpf_u_int32 *addr)
        len = 0;
        for (;;) {
                n = 0;
-               while (*s && *s != '.')
+               while (*s && *s != '.') {
+                       if (n > 25) {
+                               /* The result will be > 255 */
+                               return -1;
+                       }
                        n = n * 10 + *s++ - '0';
+               }
+               if (n > 255)
+                       return -1;
                *addr <<= 8;
                *addr |= n & 0xff;
                len += 8;
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

svn commit: r355890 - vendor/libpcap/dist

Reply via email to