libpcap

Cy Schubert Sat, 21 Dec 2019 13:06:54 -0800

Author: cy
Date: Sat Dec 21 21:05:53 2019
New Revision: 355990
URL: https://svnweb.freebsd.org/changeset/base/355990


Log:
  MFV r355890:
  
  Fix libpcap issue #893: check for invalid IPv4 addresses.
  
  This fixes errors such as:
  
  tcpdump -i lagg0 net 999.999.999.999
  
  This was originally discovered on a Red Hat 7.7 server and verified
  to also be a bug on FreeBSD.
  
  Obtained from:        https://github.com/the-tcpdump-group/libpcap/commit/ \
                07070918d5e81a515315b395f334e52589fe0fb
  Fixed by:     https://github.com/guyharris
  MFC after:    2 weeks

Modified:
  head/contrib/libpcap/gencode.c
  head/contrib/libpcap/nametoaddr.c
Directory Properties:
  head/contrib/libpcap/   (props changed)

Modified: head/contrib/libpcap/gencode.c
==============================================================================
--- head/contrib/libpcap/gencode.c      Sat Dec 21 21:02:50 2019        
(r355989)
+++ head/contrib/libpcap/gencode.c      Sat Dec 21 21:05:53 2019        
(r355990)
@@ -6955,11 +6955,15 @@ gen_mcode(compiler_state_t *cstate, const char *s1, co
                return (NULL);
 
        nlen = __pcap_atoin(s1, &n);
+       if (nlen < 0)
+               bpf_error(cstate, "invalid IPv4 address '%s'", s1);
        /* Promote short ipaddr */
        n <<= 32 - nlen;
 
        if (s2 != NULL) {
                mlen = __pcap_atoin(s2, &m);
+               if (mlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s2);
                /* Promote short ipaddr */
                m <<= 32 - mlen;
                if ((n & ~m) != 0)
@@ -7017,8 +7021,11 @@ gen_ncode(compiler_state_t *cstate, const char *s, bpf
                vlen = __pcap_atodn(s, &v);
                if (vlen == 0)
                        bpf_error(cstate, "malformed decnet address '%s'", s);
-       } else
+       } else {
                vlen = __pcap_atoin(s, &v);
+               if (vlen < 0)
+                       bpf_error(cstate, "invalid IPv4 address '%s'", s);
+       }
 
        switch (q.addr) {
 

Modified: head/contrib/libpcap/nametoaddr.c
==============================================================================
--- head/contrib/libpcap/nametoaddr.c   Sat Dec 21 21:02:50 2019        
(r355989)
+++ head/contrib/libpcap/nametoaddr.c   Sat Dec 21 21:05:53 2019        
(r355990)
@@ -653,8 +653,15 @@ __pcap_atoin(const char *s, bpf_u_int32 *addr)
        len = 0;
        for (;;) {
                n = 0;
-               while (*s && *s != '.')
+               while (*s && *s != '.') {
+                       if (n > 25) {
+                               /* The result will be > 255 */
+                               return -1;
+                       }
                        n = n * 10 + *s++ - '0';
+               }
+               if (n > 255)
+                       return -1;
                *addr <<= 8;
                *addr |= n & 0xff;
                len += 8;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r355990 - head/contrib/libpcap

Reply via email to