diff options
Diffstat (limited to 'meta-networking')
-rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch | 70 | ||||
-rw-r--r-- | meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb | 1 |
2 files changed, 71 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch new file mode 100644 index 000000000..9b74e00c5 --- /dev/null +++ b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch | |||
@@ -0,0 +1,70 @@ | |||
1 | From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 | ||
2 | From: Guy Harris <guy@alum.mit.edu> | ||
3 | Date: Sat, 18 Apr 2020 14:04:59 -0700 | ||
4 | Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. | ||
5 | |||
6 | The buffer should be big enough to hold the captured data, but it | ||
7 | doesn't need to be big enough to hold the entire on-the-network packet, | ||
8 | if we haven't captured all of it. | ||
9 | |||
10 | (backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | Signed-off-by: Stacy Gaikovaia <stacy.gaikovaia@windriver.com> | ||
14 | |||
15 | --- | ||
16 | print-ppp.c | 18 ++++++++++++++---- | ||
17 | 1 file changed, 14 insertions(+), 4 deletions(-) | ||
18 | |||
19 | diff --git a/print-ppp.c b/print-ppp.c | ||
20 | index 89176172..33fb0341 100644 | ||
21 | --- a/print-ppp.c | ||
22 | +++ b/print-ppp.c | ||
23 | @@ -1367,19 +1367,29 @@ trunc: | ||
24 | return 0; | ||
25 | } | ||
26 | |||
27 | +/* | ||
28 | + * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. | ||
29 | + * The length argument is the on-the-wire length, not the captured | ||
30 | + * length; we can only un-escape the captured part. | ||
31 | + */ | ||
32 | static void | ||
33 | ppp_hdlc(netdissect_options *ndo, | ||
34 | const u_char *p, int length) | ||
35 | { | ||
36 | + u_int caplen = ndo->ndo_snapend - p; | ||
37 | u_char *b, *t, c; | ||
38 | const u_char *s; | ||
39 | - int i, proto; | ||
40 | + u_int i; | ||
41 | + int proto; | ||
42 | const void *se; | ||
43 | |||
44 | + if (caplen == 0) | ||
45 | + return; | ||
46 | + | ||
47 | if (length <= 0) | ||
48 | return; | ||
49 | |||
50 | - b = (u_char *)malloc(length); | ||
51 | + b = (u_char *)malloc(caplen); | ||
52 | if (b == NULL) | ||
53 | return; | ||
54 | |||
55 | @@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, | ||
56 | * Do this so that we dont overwrite the original packet | ||
57 | * contents. | ||
58 | */ | ||
59 | - for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { | ||
60 | + for (s = p, t = b, i = caplen; i != 0; i--) { | ||
61 | c = *s++; | ||
62 | if (c == 0x7d) { | ||
63 | - if (i <= 1 || !ND_TTEST(*s)) | ||
64 | + if (i <= 1) | ||
65 | break; | ||
66 | i--; | ||
67 | c = *s++ ^ 0x20; | ||
68 | -- | ||
69 | 2.17.1 | ||
70 | |||
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb index 94543dd1d..8f7bd59f1 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb | |||
@@ -17,6 +17,7 @@ SRC_URI = " \ | |||
17 | file://avoid-absolute-path-when-searching-for-libdlpi.patch \ | 17 | file://avoid-absolute-path-when-searching-for-libdlpi.patch \ |
18 | file://add-ptest.patch \ | 18 | file://add-ptest.patch \ |
19 | file://run-ptest \ | 19 | file://run-ptest \ |
20 | file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ | ||
20 | " | 21 | " |
21 | 22 | ||
22 | SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" | 23 | SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" |