Page MenuHomeFreeBSD
Differential D54718

tcpdump: Fix buffer overrun in ATM OAM printing
Needs ReviewPublic
Actions

Authored by amy.vargas_netapp.com on Wed, Jan 14, 6:23 PM.
Tags
None
Referenced Files
F142049299: D54718.id169729.diff
Thu, Jan 15, 11:16 AM
F142042310: D54718.id169729.diff
Thu, Jan 15, 8:46 AM
F142041607: D54718.id.diff
Thu, Jan 15, 8:30 AM
F142031723: D54718.diff
Thu, Jan 15, 4:54 AM
F142030011: D54718.diff
Thu, Jan 15, 4:19 AM
F142029962: D54718.diff
Thu, Jan 15, 4:18 AM
F142028423: D54718.id.diff
Thu, Jan 15, 3:42 AM
F142010699: D54718/new/.diff
Wed, Jan 14, 9:32 PM
View All 9 Files
Subscribers
glebius
imp
rscheff

Details

Reviewers
None
Group Reviewers
NetApp
network
Klara
Summary

tcpdump: Fix buffer overrun in ATM OAM printing (Coverity)

Fix buffer overrun in oam_print() when printing ATM OAM fields.

The previous code iterated over the loopback_id, source_id, and failure_location
arrays and, on certain indexes, printed a 16-bit value starting at that index.
This could result in a buffer overrun on the last iteration, as it could read
past the end of the array.

Update the loops to increment by 2 and only access valid 16-bit aligned elements,
ensuring no out-of-bounds access occurs.

This change was made to address issues reported by Coverity static analysis.

No functional change except improved safety.

Test Plan

arc lint: PASSED
build creation: PASSED
image creation and qemu boot: PASSED

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

amy.vargas_netapp.com created this revision.Wed, Jan 14, 6:23 PM
Herald added a subscriber: imp. · View Herald TranscriptWed, Jan 14, 6:23 PM
amy.vargas_netapp.com requested review of this revision.Wed, Jan 14, 6:23 PM
glebius added a subscriber: glebius.Wed, Jan 14, 6:29 PM

Have you tried to submit this the tcpdump project itself? https://github.com/the-tcpdump-group/tcpdump

amy.vargas_netapp.com added a comment.Wed, Jan 14, 6:36 PM

I have not. I'm still getting familiar with the process. Should I submit there first and if so, would the new version of tcpdump just be picked up by FreeBSD with no need for this review?

rscheff added a subscriber: rscheff.Wed, Jan 14, 7:16 PM
In D54718#1250105, @amy.vargas_netapp.com wrote:

I have not. I'm still getting familiar with the process. Should I submit there first and if so, would the new version of tcpdump just be picked up by FreeBSD with no need for this review?

Check if this fix is still relevant; fbsd uses the tcpdump-4.99 branch, not the main branch (e.g. all the AccECN decoding I put into tcpdump in 2024 aren't in 4.99 and therefore not in fbsd-15).

But you can fork the tcpdump on github, create the diff there and ask Dennis or Guy (mostly Dennis) to approve the pull request with your delta. We can chat offline how that worked for me for AccECN (https://github.com/the-tcpdump-group/tcpdump/pull/999)

amy.vargas_netapp.com added a comment.Wed, Jan 14, 9:19 PM

I have submitted https://github.com/the-tcpdump-group/tcpdump/pull/1397 for this.

Revision Contents
Changeset List

PathSize
contrib/
tcpdump/
21 lines

Diff 169729

View Options

contrib/tcpdump/print-atm.c

Loading...