
tcpdump: ppp: Use the buffer stack for the de-escaping buffer

Description

This both saves the buffer for freeing later and saves the packet
pointer and snapend to be restored when packet processing is complete,
even if an exception is thrown with longjmp.

This means that the hex/ASCII printing in pretty_print_packet()
processes the packet data as captured or read from the savefile, rather
than as modified by the PPP printer, so that the bounds checking is
correct.

That fixes CVE-2024-2397, which was caused by an exception being thrown
by the hex/ASCII printer (which should only happen if those routines are
called by a packet printer, not if they're called for the -X/-x/-A
flag), which jumps back to the setjmp() that surrounds the packet
printer. Hilarity^Winfinite looping ensues.

Also, restore ndo->ndo_packetp before calling the hex/ASCII printing
routine, in case nd_pop_all_packet_info() didn't restore it.

Reviewed by: emaste
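As an added illustration, not tcpdump's or FreeBSD's code: a small C model of the discipline the commit describes. A PPP-style printer de-escapes into a heap buffer and pushes it on a packet-info stack; unwinding that stack after the setjmp() restores the original packet pointer and snapend and frees the buffer even when the printer bails out with longjmp(), so a hex/ASCII dump that runs afterwards checks bounds against the captured data. The struct layouts and the names push_packet_info, pop_all_packet_info, ppp_printer and bounds_restored_after_longjmp are assumptions of this example.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
/* One stack frame: the bounds to restore and the heap buffer to free. */
struct pkt_info { const uint8_t *packetp, *snapend; uint8_t *buf; struct pkt_info *next; };
/* Hypothetical stand-in for tcpdump's netdissect_options (layout assumed). */
struct ndo { const uint8_t *packetp, *snapend; struct pkt_info *stack; jmp_buf trunc; };
/* Save the current bounds, make buf the packet, and remember buf for freeing. */
static int push_packet_info(struct ndo *ndo, uint8_t *buf, size_t len) {
    struct pkt_info *pi = malloc(sizeof *pi);
    if (pi == NULL) return 0;
    pi->packetp = ndo->packetp; pi->snapend = ndo->snapend; pi->buf = buf;
    pi->next = ndo->stack; ndo->stack = pi; ndo->packetp = buf; ndo->snapend = buf + len;
    return 1;
}
/* Unwind every frame: restore the saved bounds and free each buffer. */
static void pop_all_packet_info(struct ndo *ndo) {
    while (ndo->stack != NULL) {
        struct pkt_info *pi = ndo->stack;
        ndo->stack = pi->next; ndo->packetp = pi->packetp; ndo->snapend = pi->snapend;
        free(pi->buf); free(pi);
    }
}
/* PPP byte de-escaping (RFC 1662): 0x7d flips bit 5 of the following byte. */
size_t ppp_unescape(const uint8_t *in, size_t len, uint8_t *out) {
    size_t o = 0;
    for (size_t i = 0; i < len; i++)
        out[o++] = (in[i] == 0x7d && i + 1 < len) ? (in[++i] ^ 0x20) : in[i];
    return o;
}
/* Printer: de-escapes into a heap buffer, pushes it, then hits a bounds error. */
static void ppp_printer(struct ndo *ndo, const uint8_t *p, size_t len) {
    uint8_t *buf = malloc(len + 1); if (buf == NULL) return;
    size_t n = ppp_unescape(p, len, buf);
    if (!push_packet_info(ndo, buf, n)) { free(buf); return; }
    longjmp(ndo->trunc, 1);  /* truncation detected deep inside the printer */
}
/* 1 if the hex/ASCII dump that follows the printer sees the original capture bounds. */
int bounds_restored_after_longjmp(const uint8_t *pkt, size_t caplen) {
    struct ndo *ndo = calloc(1, sizeof *ndo);   /* heap object: unaffected by longjmp */
    if (ndo == NULL) return 0;
    ndo->packetp = pkt; ndo->snapend = pkt + caplen;
    if (setjmp(ndo->trunc) == 0) ppp_printer(ndo, pkt, caplen);
    pop_all_packet_info(ndo);  /* runs on the normal and the longjmp path alike */
    ndo->packetp = pkt;        /* belt-and-braces restore, as the commit also does */
    int ok = ndo->packetp == pkt && ndo->snapend == pkt + caplen && ndo->stack == NULL;
    free(ndo); return ok;
}
```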

Details

Provenance
guy_alum.mit.edu authored on Tue, Sep 3, 5:11 PM
jrm committed on Tue, Sep 3, 5:24 PM
Parents
rGfbd465f26340: openssl: Bring over fix for CVE-2024-6119 from vendor/openssl-3.0.