Skip to content

Commit

Permalink
(for 4.9.3) AoE: Add another bounds check.
Browse files Browse the repository at this point in the history 
In aoev1_print() check bounds before fetching the Flags octet to prevent
a buffer over-read.

Found by code inspection hence there is no test case at this time.
  • Loading branch information
@infrastation @fxlb
infrastation authored and fxlb committed Aug 18, 2019
1 parent 2391d53 commit 05a303c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions print-aoe.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -351,6 +351,7 @@ aoev1_print(netdissect_options *ndo,
if (len < AOEV1_COMMON_HDR_LEN)
goto invalid;
/* Flags */
ND_TCHECK2(*cp, 1);
flags = *cp & 0x0F;
ND_PRINT((ndo, ", Flags: [%s]", bittok2str(aoev1_flag_str, "none", flags)));
cp += 1;
Expand Down

0 comments on commit 05a303c

Please sign in to comment.