If tcpdump receives a packet with a link layer address length
specified as 0, tcpdump will try to index into the address with
(unsigned)-1. This prevents that invalid memory access (and subsequent crash).
I encountered this with ARP requests/responses with the link layer
address length field (struct arphdr).ar_hln == 0.
Rob
Index: addrtoname.c
===================================================================
RCS file: /tcpdump/master/tcpdump/addrtoname.c,v
retrieving revision 1.92
diff -u -d -r1.92 addrtoname.c
--- addrtoname.c 2002/08/07 13:53:21 1.92
+++ addrtoname.c 2002/09/05 05:50:53
@@ -447,6 +447,9 @@
register char *cp;
register struct enamemem *tp;
+ if (len == 0)
+ return NULL;
+
if (len == 6) /* XXX not totally correct... */
return etheraddr_string(ep);
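Review bot: the new `if (len == 0) return NULL;` guard moves the failure rather than removing it for callers that hand the returned pointer straight to a `%s` format, since the function otherwise returns a printable string (the `return etheraddr_string(ep);` path just below it); consider returning a static empty or placeholder string instead of NULL, or auditing every caller for a NULL check. The added lines also carry no comment explaining the condition; a one-liner such as `/* len == 0 would index ep[len - 1] out of bounds */` would record the reason from the covering message in the code itself.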
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html