19 lines
634 B
Diff
19 lines
634 B
Diff
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, to avoid a
|
|
possible DoS opportunity in the Tabular Data Stream protocol handler. For
|
|
further information, please have a look to Debian bug ID #609988.
|
|
|
|
--- dsniff-2.4/decode_tds.c 2011-10-09 18:13:49.000000000 +0200
|
|
+++ dsniff-2.4/decode_tds.c.tds_decoder 2011-10-09 18:14:43.000000000 +0200
|
|
@@ -140,6 +140,11 @@
|
|
|
|
obuf[0] = '\0';
|
|
|
|
+ if (th->size != 8) {
|
|
+ /* wrong header length */
|
|
+ return (strlen(obuf));
|
|
+ }
|
|
+
|
|
for (th = (struct tds_hdr *)buf;
|
|
len > sizeof(*th) && len >= ntohs(th->size);
|
|
buf += ntohs(th->size), len -= ntohs(th->size)) {
|