Diffstat (limited to 'net/ethereal/patches/patch-ac')
-rw-r--r-- | net/ethereal/patches/patch-ac | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/net/ethereal/patches/patch-ac b/net/ethereal/patches/patch-ac
new file mode 100644
index 00000000000..6f57b5a61e4
--- /dev/null
+++ b/net/ethereal/patches/patch-ac
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.3.2.2 2005/12/10 23:40:58 snj Exp $
+
+Security fix for CVE-2005-3651, from Ethereal SVN tree.
+
+--- epan/dissectors/packet-ospf.c.orig 2005-10-10 15:23:02.000000000 +0200
++++ epan/dissectors/packet-ospf.c 2005-12-10 21:40:23.000000000 +0100
+@@ -2321,39 +2321,28 @@
+ static void dissect_ospf_v3_address_prefix(tvbuff_t *tvb, int offset, int prefix_length, proto_tree *tree)
+ {
+
+- guint8 value;
+- guint8 position;
+- guint8 bufpos;
+- gchar *buffer;
+- gchar *bytebuf;
+- guint8 bytes_to_process;
+- int start_offset;
+-
+- start_offset=offset;
+- position=0;
+- bufpos=0;
+- bytes_to_process=((prefix_length+31)/32)*4;
+-
+- buffer=ep_alloc(32+7);
+- while (bytes_to_process > 0 ) {
+-
+- value=tvb_get_guint8(tvb, offset);
++ int bytes_to_process;
++ struct e_in6_addr prefix;
+
+- if ( (position > 0) && ( (position%2) == 0 ) )
+- buffer[bufpos++]=':';
++ bytes_to_process=((prefix_length+31)/32)*4;
+
+- bytebuf=ep_alloc(3);
+- g_snprintf(bytebuf, 3, "%02x",value);
+- buffer[bufpos++]=bytebuf[0];
+- buffer[bufpos++]=bytebuf[1];
+-
+- position++;
+- offset++;
+- bytes_to_process--;
++ if (prefix_length > 128) {
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: length is invalid (%d, should be <= 128)",
++ prefix_length);
++ return;
+ }
+
+- buffer[bufpos]=0;
+- proto_tree_add_text(tree, tvb, start_offset, ((prefix_length+31)/32)*4, "Address Prefix: %s",buffer);
++ memset(prefix.bytes, 0, sizeof prefix.bytes);
++ if (bytes_to_process != 0) {
++ tvb_memcpy(tvb, prefix.bytes, offset, bytes_to_process);
++ if (prefix_length % 8) {
++ prefix.bytes[bytes_to_process - 1] &=
++ ((0xff00 >> (prefix_length % 8)) & 0xff);
++ }
++ }
++ proto_tree_add_text(tree, tvb, offset, bytes_to_process,
++ "Address Prefix: %s", ip6_to_str(&prefix));
+
+ }
+
|
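Review bot: The new guard in dissect_ospf_v3_address_prefix rejects only `prefix_length > 128`, but prefix_length is a signed int, so a sufficiently negative value would yield a negative, non-zero bytes_to_process that reaches tvb_memcpy and the `prefix.bytes[bytes_to_process - 1]` index. The callers are not visible in this hunk; if they always pass a value read from an unsigned 8-bit field this cannot occur, but the function would be safe on its own with `if (prefix_length < 0 || prefix_length > 128) {`. Separately, the partial-byte mask is applied to the last byte of the 32-bit-padded length rather than to the byte holding the last prefix bit: for prefix_length 20 it masks bytes[3] while the bits beyond the prefix in bytes[2] are left as received. Indexing with `prefix.bytes[prefix_length / 8]` would mask the intended byte, though the padding bytes after it would still be shown as the packet supplied them.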