62bf2bfd53
Add upstream patch for CVE-2017-6429: Buffer overflow when reading crafted pcap file with large packets. https://github.com/appneta/tcpreplay/issues/278 Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
45 lines
1.3 KiB
Diff
45 lines
1.3 KiB
Diff
From d689d14dbcd768c028eab2fb378d849e543dcfe9 Mon Sep 17 00:00:00 2001
|
|
From: Fred Klassen <fklassen@appneta.com>
|
|
Date: Sun, 26 Feb 2017 20:45:59 -0800
|
|
Subject: [PATCH] #278 fail if capture has a packet that is too large (#286)
|
|
|
|
* #278 fail if capture has a packet that is too large
|
|
|
|
[baruch: remove the CHANGELOG update]
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
---
|
|
Upstream status: upstream commit d689d14db
|
|
|
|
diff --git a/src/tcpcapinfo.c b/src/tcpcapinfo.c
|
|
index 775f1625b00f..96928820fe94 100644
|
|
--- a/src/tcpcapinfo.c
|
|
+++ b/src/tcpcapinfo.c
|
|
@@ -281,6 +281,15 @@ main(int argc, char *argv[])
|
|
caplen = pcap_ph.caplen;
|
|
}
|
|
|
|
+ if (caplentoobig) {
|
|
+ printf("\n\nCapture file appears to be damaged or corrupt.\n"
|
|
+ "Contains packet of size %u, bigger than snap length %u\n",
|
|
+ caplen, pcap_fh.snaplen);
|
|
+
|
|
+ close(fd);
|
|
+ break;
|
|
+ }
|
|
+
|
|
/* check to make sure timestamps don't go backwards */
|
|
if (last_sec > 0 && last_usec > 0) {
|
|
if ((pcap_ph.ts.tv_sec == last_sec) ?
|
|
@@ -306,7 +315,7 @@ main(int argc, char *argv[])
|
|
}
|
|
|
|
close(fd);
|
|
- continue;
|
|
+ break;
|
|
}
|
|
|
|
/* print the frame checksum */
|
|
--
|
|
2.11.0
|
|
|