1234567891011121314151617181920212223242526272829303132 |
- Subject: Bugs #538 add check for packet length in do_checksum()
- ID: CVE-2019-8381
- Origin: v4.3.1-12-gdae97cba <https://github.com/appneta/tcpreplay/commit/v4.3.1-12-gdae97cba>
- Upstream-Author: Fred Klassen <fklassen@appneta.com>
- Date: Tue Mar 12 13:29:10 2019 -0700
- Bug-Debian: https://bugs.debian.org/922622
- --- a/src/tcpedit/checksum.c
- +++ b/src/tcpedit/checksum.c
- @@ -41,6 +41,7 @@
- udp_hdr_t *udp;
- icmpv4_hdr_t *icmp;
- icmpv6_hdr_t *icmp6;
- + u_char *layer;
- int ip_hl;
- int sum;
-
- @@ -62,7 +63,13 @@
- proto = get_ipv6_l4proto(ipv6, len);
- dbgx(3, "layer4 proto is 0x%hx", (uint16_t)proto);
-
- - ip_hl = (u_char*)get_layer4_v6(ipv6, len) - (u_char*)data;
- + layer = (u_char*)get_layer4_v6(ipv6, len);
- + if (!layer) {
- + tcpedit_setwarn(tcpedit, "%s", "Packet to short for checksum");
- + return TCPEDIT_WARN;
- + }
- +
- + ip_hl = layer - (u_char*)data;
- dbgx(3, "ip_hl proto is 0x%d", ip_hl);
-
- len -= (ip_hl - TCPR_IPV6_H);
|