Repository : ssh://git@open-mesh.org/batctl
On branch : next
commit e5c2e7f3aeedac12e1e851c8a29feda8275d8d7d Author: Sven Eckelmann sven@narfation.org Date: Wed Nov 12 18:58:26 2014 +0100
batctl: Parse only TVLV when header is available
The TVLV must only start parsing an header when at least one TVLV header is available. Otherwise data behind the received data might be accessed.
This regression was introduced by 4c39fb823b86036df40187f8bd342fe5398c28ef ("batctl: tcpdump - parse TVLV containers").
Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Marek Lindner mareklindner@neomailbox.ch
e5c2e7f3aeedac12e1e851c8a29feda8275d8d7d tcpdump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tcpdump.c b/tcpdump.c index c3c847e..3e57544 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -256,7 +256,7 @@ static void dump_batman_ucast_tvlv(unsigned char *packet_buff, ssize_t buff_len,
ptr = (uint8_t *)(tvlv_packet + 1);
- while (tvlv_len > 0) { + while (tvlv_len >= (ssize_t)sizeof(*tvlv_hdr)) { tvlv_hdr = (struct batadv_tvlv_hdr *)ptr; len = ntohs(tvlv_hdr->len);
@@ -685,7 +685,7 @@ static void dump_batman_iv_ogm(unsigned char *packet_buff, ssize_t buff_len, int
ptr = (uint8_t *)(batman_ogm_packet + 1);
- while (tvlv_len > 0) { + while (tvlv_len >= (ssize_t)sizeof(*tvlv_hdr)) { tvlv_hdr = (struct batadv_tvlv_hdr *)ptr; len = ntohs(tvlv_hdr->len);
-
postmaster@open-mesh.org