diff options
| author | Bill Fenner <fenner@FreeBSD.org> | 2004-01-13 17:28:59 +0000 |
|---|---|---|
| committer | Bill Fenner <fenner@FreeBSD.org> | 2004-01-13 17:28:59 +0000 |
| commit | c76561e4dc56e0caaeade9b482501e52daad5ce3 (patch) | |
| tree | 72631aba0d9a65f2afb23b262b0909eda89c4e7f | |
| parent | b97c9af58ad5902b91f3e97c12ac18b76954b8e2 (diff) | |
| download | src-c76561e4dc56e0caaeade9b482501e52daad5ce3.tar.gz src-c76561e4dc56e0caaeade9b482501e52daad5ce3.zip | |
Commit vendor update for vulnerabilities found by
Jonathan Heusser <jonny@drugphish.ch>
Notes
Notes:
svn path=/vendor/tcpdump/dist/; revision=124488
| -rw-r--r-- | contrib/tcpdump/print-isakmp.c | 8 | ||||
| -rw-r--r-- | contrib/tcpdump/print-radius.c | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/contrib/tcpdump/print-isakmp.c b/contrib/tcpdump/print-isakmp.c index 6e5c58d737b1..d00d575dafd1 100644 --- a/contrib/tcpdump/print-isakmp.c +++ b/contrib/tcpdump/print-isakmp.c @@ -332,9 +332,13 @@ rawprint(caddr_t loc, size_t len) static u_char *p; int i; + TCHECK2(*loc, len); + p = (u_char *)loc; for (i = 0; i < len; i++) printf("%02x", p[i] & 0xff); +trunc: + } struct attrmap { @@ -1060,6 +1064,8 @@ isakmp_sub_print(u_char np, struct isakmp_gen *ext, u_char *ep, cp = (u_char *)ext; while (np) { + TCHECK2(*ext, sizeof(e)); + safememcpy(&e, ext, sizeof(e)); if (ep < (u_char *)ext + ntohs(e.len)) { @@ -1085,6 +1091,8 @@ isakmp_sub_print(u_char np, struct isakmp_gen *ext, u_char *ep, ext = (struct isakmp_gen *)cp; } return cp; +trunc: + return NULL; } static char * diff --git a/contrib/tcpdump/print-radius.c b/contrib/tcpdump/print-radius.c index 9ec406636d73..72cf22edeb44 100644 --- a/contrib/tcpdump/print-radius.c +++ b/contrib/tcpdump/print-radius.c @@ -473,7 +473,7 @@ print_attr_string(register u_char *data, u_int length, u_short attr_code ) break; } - for (i=0; i < length ; i++, data++) + for (i=0; *data && i < length ; i++, data++) printf("%c",(*data < 32 || *data > 128) ? '.' : *data ); printf("}"); |