tcpdump mailing list archives
Automatic report from sources (tcpdump libpcap htdocs) between 14.12.2002 - 15.12.2002 GMT
From: "Automatic cvs log generator /tcpdump/bin/makelog" <mcr () sandelman ottawa on ca>
Date: Sun, 15 Dec 2002 05:06:51 -0500 (EST)
CVS log entries from 14.12.2002 (Sat) 10:05:37 - 15.12.2002 (Sun) 10:05:37 GMT

=====================================================
Summary by authors
=====================================================
Author: hannes
  File: tcpdump/print-ldp.c; Revisions: 1.4, 1.3
  File: tcpdump/print-bgp.c; Revisions: 1.57

=====================================================
Log entries
=====================================================
Description:
  patch from George Bakos gbakos[AT]ists.dartmouth.edu:

  A denial of service vulnerability exists in the print-bgp module in the
  way IPv4 Withdrawal prefix lengths are validated. If IPv6 is not enabled,
  the function decode_prefix4() is called to break out the prefix length and
  network prefix fields of the UPDATE message. In bgp_update_print, a
  pointer (i) is incremented with the returned length and thus traverses all
  withdrawn routes in the UPDATE message. However, if the prefix length is
  > 32, decode_prefix4() returns -1. As the pointer "i" then decrements,
  instead of incrementing, an infinite loop is created, halting any further
  packet analysis and creating a very nice cpu sponge.

  The patch addresses the loop problem, and also intervenes whenever the
  length exceeds 32 bits (in IPv4) regardless of message type:

Modified files:
  File: tcpdump/print-bgp.c; Revision: 1.57;
  Date: 2002/12/15 08:33:23; Author: hannes; Lines: (+24 -8)
-------------------------------
Description:
  fixed typos, fixed bug in unknown message processing

Modified files:
  File: tcpdump/print-ldp.c; Revision: 1.4;
  Date: 2002/12/14 13:50:16; Author: hannes; Lines: (+7 -7)
-------------------------------
Description:
  added ldp_tlv_print() routine;
  support for Hello Message;
  support for common hello,IPv4/v6 transport address and Config Sequence Number TLVs

Modified files:
  File: tcpdump/print-ldp.c; Revision: 1.3;
  Date: 2002/12/14 13:27:56; Author: hannes; Lines: (+113 -29)

=====================================================
Summary of modified files
=====================================================
File: tcpdump/print-bgp.c
  Revisions: 1.57
  Authors: hannes (+24 -8)
-------------------------------
File: tcpdump/print-ldp.c
  Revisions: 1.4, 1.3
  Authors: hannes (+7 -7), hannes (+113 -29)

--
Automatic cron job from /tcpdump/bin/makelog
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
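
The failure mode described in the print-bgp.c log entry, as an added example that is not tcpdump's code and not the committed patch: a simplified model of a prefix walker whose decoder returns -1 for a length above 32, next to a walker that checks the return value. The names decode_prefix_model, walk_unchecked, walk_checked, STEP_BUDGET and STALLED are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define STEP_BUDGET 1000 /* demo guard so the unchecked model cannot hang */
#define STALLED (-2)     /* cursor stopped making forward progress */

/* Simplified model of an IPv4 prefix decoder: returns bytes consumed
 * (1 length byte + ceil(plen/8) address bytes), or -1 if plen > 32. */
static int decode_prefix_model(const uint8_t *p)
{
    unsigned plen = p[0];
    return plen > 32 ? -1 : 1 + (int)((plen + 7) / 8);
}

/* Pattern from the log entry: the return value is added to the cursor
 * unchecked, so a -1 moves it backwards. Returns steps taken or STALLED. */
int walk_unchecked(const uint8_t *routes, int len)
{
    int i = 0, steps = 0;
    while (i < len) {
        i += decode_prefix_model(&routes[i]);
        if (i < 0 || ++steps > STEP_BUDGET)
            return STALLED;
    }
    return steps;
}

/* Checked walker: reject a failed decode or a prefix that runs past the
 * field. Every accepted step advances by >= 1 byte, so the loop ends. */
int walk_checked(const uint8_t *routes, int len)
{
    int i = 0, count = 0;
    while (i < len) {
        int adv = decode_prefix_model(&routes[i]);
        if (adv < 0 || adv > len - i)
            return -1;
        i += adv;
        count++;
    }
    return count;
}

int main(void)
{
    const uint8_t good[] = {24, 192, 0, 2, 8, 10}; /* constructed: /24, /8 */
    const uint8_t bad[] = {0, 33};                 /* constructed: /0, then length 33 */
    printf("good: unchecked=%d checked=%d\n", walk_unchecked(good, 6), walk_checked(good, 6));
    printf("bad:  unchecked=%d checked=%d\n", walk_unchecked(bad, 2), walk_checked(bad, 2));
    return 0;
}
```

In the unchecked walker the constructed bad input bounces between offsets 0 and 1 until the step budget is exhausted; the checked walker returns -1 on the first invalid length.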