Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Guarding against reading beyond packet data when accessing L2 address

Browse source 
in Radiotap header.

This is temporary until we clean up the preceding length check.
This commit is contained in:
Robin Sommer 2016-06-07 15:58:01 -07:00
parent f662989c09
commit cfe9ba28dd
1 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/iosource/Packet.cc
View file

@ -310,18 +310,24 @@ void Packet::ProcessLayer2()
break; break;
case 0x01: case 0x01:
l2_dst = pdata + 16;
l2_src = pdata + 10; l2_src = pdata + 10;
l2_dst = pdata + 16;
break; break;
case 0x02: case 0x02:
l2_dst = pdata + 4;
l2_src = pdata + 16; l2_src = pdata + 16;
l2_dst = pdata + 4;
break; break;
case 0x03: case 0x03:
l2_dst = pdata + 16; // TODO: We should integrate this
l2_src = pdata + 24; // test into the length check above.
if ( pdata + 24 + l2_addr_len >= end_of_data )
{
l2_dst = pdata + 16;
l2_src = pdata + 24;
}
break; break;
} }
} }