On Nov 21, 2014, at 2:01 PM, Romain Francoise <rfranco...@debian.org> wrote:
> Ok, the fixes still aren't on master, but now there's a tcpdump-4.7
> branch with the commits I need.
>
> So I apparently need all of these?
>
> 3f5693a 10 days ago Guy Harris Report a too-long unreachable destination list.
> 54d2912 10 days ago Guy Harris Not using offsetof() any more, so no need for
> <stddef.h>.
> e302ff0 10 days ago Guy Harris Further cleanups.
> 3e8a443 10 days ago Guy Harris Clean up error message printing.
> ab4e52b 10 days ago Guy Harris Add initial bounds check, get rid of union
> aodv.
> 4038f83 10 days ago Guy Harris Do more bounds checking and length checking.
> 9255c9b 10 days ago Guy Harris Do bounds checking and length checking.
>
> print-aodv.c | 481 ++++++++++++++++++++++++++-------------------------------
> print-geonet.c | 270 ++++++++++++++++++--------------
> print-olsr.c | 56 +++++--
> 3 files changed, 417 insertions(+), 390 deletions(-)
Yes.
> That's a lot bigger than typical security patches. :(
So it goes. You can tweak the code the minimum amount to cope with the problem
as demonstrated by sample captures, or you can audit the whole damn thing to
see what other problems might be lurking there, and sometimes that involves
cleaning up the code to make it a bit more obvious what
{ND_}TCHECK*/{ND_}TTEST* checks need to be added.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
