[Bug] heap-overflow in get.c:344 #735
Assignees
Comments
|
Fixed overflow in PR #744 |
fklassen
added a commit
that referenced
this issue
Aug 26, 2022
fklassen
added a commit
that referenced
this issue
Aug 26, 2022
Bug #735 heap-overflow in get_l2len_protocol
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You are opening a bug report against the Tcpreplay project: we use
GitHub Issues for tracking bug reports and feature requests.
If you have a question about how to use Tcpreplay, you are at the wrong
site. You can ask a question on the tcpreplay-users mailing list
or on Stack Overflow with [tcpreplay] tag.
General help is available here.
If you have a build issue, consider downloading the latest release
Otherwise, to report a bug, please fill out the reproduction steps
(below) and delete these introductory paragraphs. Thanks!
Describe the bug
A clear and concise description of what the bug is.
There is a heap-overflow bug in get_ipv6_next. Different from #716 (The crash point is in line 322,
ntohs(eth_hdr->ether_type);), this bug is triggered in line 344 (pktdata[l2_net_off] >> 4).To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
The program does not crash.
Screenshots
If applicable, add screenshots to help explain your problem.
System (please complete the following information):
Additional context
Add any other context about the problem here.
POC
poc.zip
The text was updated successfully, but these errors were encountered: