git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
tcpreplay
1
0
Fork 0
Files
Tree: 3c44da07a4
Branches Tags
tcpreplay
/
debian
/
patches
/
cherry-pick.v4.3.1-2-gecee2ace.fix-null-pointer-dereference-get-ipv6-l4proto.patch

cherry-pick.v4.3.1-2-gecee2ace.fix-null-pointer-dereference-get-ipv6-l4proto.patch 897 B
History Raw

1234567891011121314151617181920212223 
  1. Subject: Fix NULL pointer dereference get_ipv6_l4proto()
    2. 

  2. ID: CVE-2019-8376
    3. 

  3. Origin: v4.3.1-2-gecee2ace <https://github.com/appneta/tcpreplay/commit/v4.3.1-2-gecee2ace>
    4. 

  4. Upstream-Author: Gabriel Ganne <gabriel.ganne@mindmaze.ch>
    5. 

  5. Date: Wed Mar 6 14:31:08 2019 +0100
    6. 

  6. Bug-Debian: https://bugs.debian.org/922624
    7. 

  7. 

  8.     get_ipv6_next() returns NULL on malformed packets. If that happens
    9. 

  9.     return the last proto that could be read.
    10. 

  10. 

  11.     This should fix issue #537
    12. 

  12. 

  13. --- a/src/common/get.c
    14. 

  14. +++ b/src/common/get.c
    15. 

  15. @@ -536,6 +536,8 @@
    16. 

  16.              case TCPR_IPV6_NH_HBH:
    17. 

  17.                  dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
    18. 

  18.                  exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr, len);
    19. 

  19. +                if (exthdr == NULL)
    20. 

  20. +                    return proto;
    21. 

  21.                  proto = exthdr->ip_nh;
    22. 

  22.                  ptr = (u_char *)exthdr;
    23. 

  23.                  break;
    24.