In aoev1_reserve_print() check bounds before trying to print an Ethernet
address.
Updated from a Denis Ovsienko's fix.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
https://github.com/the-tcpdump-group/tcpdump/commit/
28f610026d901660dd370862b62ec328727446a2?diff=split
Change-Id: I8d6cbde6e93809124a16fc94d3707ec64bf4417e
goto invalid;
/* addresses */
for (i = 0; i < nmacs; i++) {
+ ND_TCHECK2(cp, ETHER_ADDR_LEN);
ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
cp += ETHER_ADDR_LEN;
}
projects / platform / upstream / tcpdump.git / commitdiff