-rw-r--r--print-nfs.c10
-rw-r--r--tests/TESTLIST1
-rw-r--r--tests/nfs-attr-oobr.out2
-rw-r--r--tests/nfs_large_credentials_length.out1
-rw-r--r--tests/nfs_large_credentials_length.pcapbin0 -> 147 bytes
5 files changed, 13 insertions, 1 deletions
diff --git a/print-nfs.c b/print-nfs.c
index bbce4953..8ac5d475 100644
--- a/print-nfs.c
+++ b/print-nfs.c
@@ -434,6 +434,11 @@ parsereq(netdissect_options *ndo,
if (length < 2 * sizeof(*dp))
goto trunc;
len = GET_BE_U_4(dp + 1);
+ if (len > length) {
+ ND_PRINT(" [credentials length %u > %u]", len, length);
+ nd_print_invalid(ndo);
+ return NULL;
+ }
rounded_len = roundup2(len, 4);
ND_TCHECK_LEN(dp + 2, rounded_len);
if (2 * sizeof(*dp) + rounded_len <= length) {
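Review bot: The bound in the new check (here and in the matching verifier check in the next hunk) compares `len` with the whole remaining `length`, although the guard just above already establishes that 8 of those bytes are the flavor and length words. A `len` between `length - 7` and `length` therefore passes the new check and is only rejected by the `2 * sizeof(*dp) + rounded_len <= length` comparison that follows, presumably with a truncation marker instead of `(invalid)`. Comparing against the space actually left, `if (len > length - 2 * sizeof(*dp)) {`, cannot underflow after the `length < 2 * sizeof(*dp)` guard and makes the diagnostic consistent for every impossible length. parsereq's body starts and ends outside the hunk.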
@@ -453,6 +458,11 @@ parsereq(netdissect_options *ndo,
if (length < 2 * sizeof(*dp))
goto trunc;
len = GET_BE_U_4(dp + 1);
+ if (len > length) {
+ ND_PRINT(" [verifier length %u > %u]", len, length);
+ nd_print_invalid(ndo);
+ return NULL;
+ }
rounded_len = roundup2(len, 4);
ND_TCHECK_LEN(dp + 2, rounded_len);
if (2 * sizeof(*dp) + rounded_len < length) {
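Review bot: The verifier-length branch added here has no test in this commit: the new capture and the updated `nfs-attr-oobr.out` both show only the `[credentials length …]` message. A second small capture with a well-formed credentials block and an oversized verifier length would pin this path as well. If the check is placed before `roundup2()` so that a length near the 32-bit maximum cannot wrap when rounded, a short comment such as `/* reject an impossible length before rounding it up */` above both checks would record that ordering constraint for later edits.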
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 2fc0f68a..5c85b7e9 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -766,6 +766,7 @@ macsec-short-valid macsec-short-valid.pcap macsec-short-valid.out -e
# NFS tests
# fuzzed pcap
nfs-write-verf-cookie nfs-write-verf-cookie.pcapng nfs-write-verf-cookie.out -vv
+nfs_large_credentials_length nfs_large_credentials_length.pcap nfs_large_credentials_length.out
# NFS fuzzed
nfs-seg-fault-1 nfs-seg-fault-1.pcapng nfs-seg-fault-1.out
diff --git a/tests/nfs-attr-oobr.out b/tests/nfs-attr-oobr.out
index f693576b..dc4465cd 100644
--- a/tests/nfs-attr-oobr.out
+++ b/tests/nfs-attr-oobr.out
@@ -301,5 +301,5 @@
0x0030: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0040: 3030 3030 3030 3030 3030 3030 3030 3030 0000000000000000
0x0050: 3030 00
- 47 1995-08-15 05:27:12.808464432 IP 48.48.48.48.12336 > 48.48.48.48.2049: NFS request xid 3056611558 12308 access [|nfs]
+ 47 1995-08-15 05:27:12.808464432 IP 48.48.48.48.12336 > 48.48.48.48.2049: NFS request xid 3056611558 12308 access [credentials length 808464432 > 12308] (invalid) [|nfs]
48 1995-08-15 05:27:12.808464432 IP 48.48.48.48.2049 > 48.48.48.48.12336: NFS reply xid 3056611558 reply ok 12308 access [|nfs]
diff --git a/tests/nfs_large_credentials_length.out b/tests/nfs_large_credentials_length.out
new file mode 100644
index 00000000..31e776d8
--- /dev/null
+++ b/tests/nfs_large_credentials_length.out
@@ -0,0 +1 @@
+ 1 1971-09-12 02:15:12.134350544 IP 255.10.0.1.63476 > 127.0.0.1.2049: NFS request xid 1168185174 80 readdirplus [credentials length 4294967295 > 80] (invalid) [|nfs]
diff --git a/tests/nfs_large_credentials_length.pcap b/tests/nfs_large_credentials_length.pcap
new file mode 100644
index 00000000..aea79723
--- /dev/null
+++ b/tests/nfs_large_credentials_length.pcap
Binary files differ