From: lteo Date: Thu, 15 Oct 2015 02:33:25 +0000 (+0000) Subject: Fix a crash that occurs when printing the filename in a malformed NFS X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1786e3cc0a959b5cb7b1e63cbc43c7a3ca282ac0;p=openbsd Fix a crash that occurs when printing the filename in a malformed NFS request packet. From Kevin Reay who obtained the fix from the tcpdump.org repo (part of commit 6191f36146f5d286304e9b6e893477fe509d83ab). ok canacar@ sthen@ --- diff --git a/usr.sbin/tcpdump/print-nfs.c b/usr.sbin/tcpdump/print-nfs.c index daf3a0f86f3..3697e9938f3 100644 --- a/usr.sbin/tcpdump/print-nfs.c +++ b/usr.sbin/tcpdump/print-nfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-nfs.c,v 1.19 2015/01/16 06:40:21 deraadt Exp $ */ +/* $OpenBSD: print-nfs.c,v 1.20 2015/10/15 02:33:25 lteo Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -381,9 +381,11 @@ parsefn(register const u_int32_t *dp) cp = (u_char *)dp; /* Update 32-bit pointer (NFS filenames padded to 32-bit boundaries) */ dp += ((len + 3) & ~3) / sizeof(*dp); - /* XXX seems like we should be checking the length */ putchar('"'); - (void) fn_printn(cp, len, NULL); + if (fn_printn(cp, len, snapend)) { + putchar('"'); + goto trunc; + } putchar('"'); return (dp);