diff options
author | sam <sam@FreeBSD.org> | 2005-06-09 15:42:58 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2005-06-09 15:42:58 +0000 |
commit | a6836add6eafd2d06f4eeb7200e8217ba3399c1b (patch) | |
tree | 8e20992bcc0482f19f589c8c4e3ebe1ac3bdc323 /contrib/tcpdump/print-isoclns.c | |
parent | cbc6e26dd5d6740368f56495e5392bbe9fb7dbae (diff) | |
download | FreeBSD-src-a6836add6eafd2d06f4eeb7200e8217ba3399c1b.zip FreeBSD-src-a6836add6eafd2d06f4eeb7200e8217ba3399c1b.tar.gz |
Correct several denial-of-service vulnerabilities in tcpdump.
Security: FreeBSD-SA-05:10.tcpdump
Security: CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
Obtained from: tcpdump.org
Diffstat (limited to 'contrib/tcpdump/print-isoclns.c')
-rw-r--r-- | contrib/tcpdump/print-isoclns.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/tcpdump/print-isoclns.c b/contrib/tcpdump/print-isoclns.c index 37ecf0b..a35ac95 100644 --- a/contrib/tcpdump/print-isoclns.c +++ b/contrib/tcpdump/print-isoclns.c @@ -1905,6 +1905,9 @@ static int isis_print (const u_int8_t *p, u_int length) tlv_type, tlv_len); + if (tlv_len == 0) /* something is malformed */ + break; + /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { case ISIS_TLV_AREA_ADDR: @@ -1935,7 +1938,7 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_ISNEIGH_VARLEN: - if (!TTEST2(*tptr, 1)) + if (!TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */ goto trunctlv; lan_alen = *tptr++; /* LAN adress length */ tmp --; |