git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
tcpreplay
1
0
Fork 0
Files
Tree: 332fb1e310
Branches Tags
tcpreplay
/
debian
/
patches
/
cherry-pick.v4.3.1-12-gdae97cba.bugs-538-add-check-for-packet-length-in-do-checksum.patch

cherry-pick.v4.3.1-12-gdae97cba.bugs-538-add-check-for-packet-length-in-do-checksum.patch 1.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132 
  1. Subject: Bugs #538 add check for packet length in do_checksum()
    2. 

  2. ID: CVE-2019-8381
    3. 

  3. Origin: v4.3.1-12-gdae97cba <https://github.com/appneta/tcpreplay/commit/v4.3.1-12-gdae97cba>
    4. 

  4. Upstream-Author: Fred Klassen <fklassen@appneta.com>
    5. 

  5. Date: Tue Mar 12 13:29:10 2019 -0700
    6. 

  6. Bug-Debian: https://bugs.debian.org/922622
    7. 

  7. 

  8. --- a/src/tcpedit/checksum.c
    9. 

  9. +++ b/src/tcpedit/checksum.c
    10. 

  10. @@ -41,6 +41,7 @@
    11. 

  11.      udp_hdr_t *udp;
    12. 

  12.      icmpv4_hdr_t *icmp;
    13. 

  13.      icmpv6_hdr_t *icmp6;
    14. 

  14. +    u_char *layer;
    15. 

  15.      int ip_hl;
    16. 

  16.      int sum;
    17. 

  17.  
    18. 

  18. @@ -62,7 +63,13 @@
    19. 

  19.          proto = get_ipv6_l4proto(ipv6, len);
    20. 

  20.          dbgx(3, "layer4 proto is 0x%hx", (uint16_t)proto);
    21. 

  21.  
    22. 

  22. -        ip_hl = (u_char*)get_layer4_v6(ipv6, len) - (u_char*)data;
    23. 

  23. +        layer = (u_char*)get_layer4_v6(ipv6, len);
    24. 

  24. +        if (!layer) {
    25. 

  25. +            tcpedit_setwarn(tcpedit, "%s", "Packet to short for checksum");
    26. 

  26. +            return TCPEDIT_WARN;
    27. 

  27. +        }
    28. 

  28. +
    29. 

  29. +        ip_hl = layer - (u_char*)data;
    30. 

  30.          dbgx(3, "ip_hl proto is 0x%d", ip_hl);
    31. 

  31.  
    32. 

  32.          len -= (ip_hl - TCPR_IPV6_H);
    33.