PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Use signed value for tcp header offset and option lengths to detect underflow

Browse Source
This commit is contained in:
dmiller
2020-09-09 21:34:55 +00:00
parent b8c8fe8047
commit 3521f15180
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tcpip.cc
View File

@@ -1352,7 +1352,7 @@ int readudppacket(const u8 *packet, int readdata) {
The options checked are MSS, WScale, SackOK, Sack, and Timestamp. */ The options checked are MSS, WScale, SackOK, Sack, and Timestamp. */
static bool validateTCPhdr(const u8 *tcpc, unsigned len) { static bool validateTCPhdr(const u8 *tcpc, unsigned len) {
struct tcp_hdr *tcp = (struct tcp_hdr *) tcpc; struct tcp_hdr *tcp = (struct tcp_hdr *) tcpc;
unsigned hdrlen, optlen; int hdrlen, optlen;
hdrlen = tcp->th_off * 4; hdrlen = tcp->th_off * 4;