tech-net: Re: tcpdump 3.4 bug?

Subject: Re: tcpdump 3.4 bug?
To: None <BUGTRAQ@netspace.org>
From: acpizer <acpizer@MACH.UNSEEN.ORG>
List: tech-net
Date: 06/17/1999 12:19:06

The given source for killing tcpdump will only work on local networks
since routers drop the bad packet it creates, a more constuctive patch for
tcpdump is listed below.

-- snip --
diff -r -p print-ip.orig.c print-ip.c
*** print-ip.orig.c     Thu Jun 17 11:24:17 1999
--- print-ip.c  Thu Jun 17 14:07:50 1999
*************** ip_print(register const u_char *bp, regi
*** 374,379 ****
--- 374,384 ----
                (void)printf("truncated-ip %d", length);
                return;
        }
+
+         if (ip->ip_hl == 0) {
+                 (void)printf("bad ip packet - header length = 0\n");
+                 return;
+         }
        hlen = ip->ip_hl * 4;

        len = ntohs(ip->ip_len);
-- snip --

 Cheers.

-------------------------------------------------------------------------------
"Probably you've only really grown up, when you can bear not being understood."

                              Marian Gold /Alphaville