[10850] in bugtraq
Re: tcpdump 3.4 bug?
daemon@ATHENA.MIT.EDU (acpizer)
Thu Jun 17 12:24:29 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.NEB.3.96.990617121247.4115A-100000@mach.unseen.org>
Date: Thu, 17 Jun 1999 12:19:06 +0100
Reply-To: acpizer <acpizer@MACH.UNSEEN.ORG>
From: acpizer <acpizer@MACH.UNSEEN.ORG>
To: BUGTRAQ@NETSPACE.ORG
The given source for killing tcpdump will only work on local networks
since routers drop the bad packet it creates. A more constructive patch for
tcpdump is listed below.
-- snip --
diff -r -p print-ip.orig.c print-ip.c
*** print-ip.orig.c Thu Jun 17 11:24:17 1999
--- print-ip.c Thu Jun 17 14:07:50 1999
*************** ip_print(register const u_char *bp, regi
*** 374,379 ****
--- 374,384 ----
(void)printf("truncated-ip %d", length);
return;
}
+
+ if (ip->ip_hl == 0) {
+ (void)printf("bad ip packet - header length = 0\n");
+ return;
+ }
hlen = ip->ip_hl * 4;
len = ntohs(ip->ip_len);
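Review bot: The added test `if (ip->ip_hl == 0)` rejects only a zero header length. Values 1 through 4 still pass and make `hlen = ip->ip_hl * 4` come out as 4 to 16 bytes, which is shorter than the 20-byte minimum IP header and so cannot describe a valid packet either. Consider testing `ip->ip_hl < 5` instead (or comparing hlen against sizeof(struct ip) right after it is computed) and printing the offending value in the message. A smaller style point: the new printf ends in "\n" while the "truncated-ip %d" message just above it does not, so dropping the newline would keep the output consistent.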
-- snip --
Cheers.
-------------------------------------------------------------------------------
"Probably you've only really grown up, when you can bear not being understood."
Marian Gold /Alphaville