- Subject: Fix NULL pointer dereference in get_layer4_v6()
- ID: CVE-2019-8377
- Origin: v4.3.1-3-g5d6f191d <https://github.com/appneta/tcpreplay/commit/v4.3.1-3-g5d6f191d>
- Upstream-Author: Gabriel Ganne <gabriel.ganne@mindmaze.ch>
- Date: Wed Mar 6 14:15:56 2019 +0100
- Bug-Debian: https://bugs.debian.org/922623
- get_ipv6_next() returns NULL on malformed packets. If that happens
- return the last header that could be read.
- This should fix issue #536
- --- a/src/common/get.c
- +++ b/src/common/get.c
- @@ -407,6 +407,8 @@
- dbgx(3, "Going deeper due to extension header 0x%02X", proto);
- maxlen = len - (int)((u_char *)ip6_hdr - (u_char *)next);
- exthdr = get_ipv6_next(next, maxlen);
- + if (exthdr == NULL)
- + return next;
- proto = exthdr->ip_nh;
- next = exthdr;
- break;
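Review bot: The new early return in the extension-header branch hands back `next`, which at that point is an extension header (or the last header that parsed), not a layer-4 header, and the caller has no way to tell this apart from a successful walk. Either document this in the function comment for get_layer4_v6() so callers know to check the protocol and remaining length before treating the result as TCP/UDP/ICMPv6, or return NULL so malformed packets are rejected explicitly. It is also worth checking the operand order on the `maxlen` line in the context above: it subtracts `next` from `ip6_hdr`, so if `next` already points past `ip6_hdr` the difference is negative and `maxlen` ends up larger than `len`, which would loosen the bound that get_ipv6_next() relies on to return NULL in the first place.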