NULL/LOOP: Add a bounds check

Moreover: Use uint32_t type for family (32-bit integer). Add and use tstr[].
2024-11-27 12:03:44 +08:00 · 2018-02-12 11:34:28 +01:00 · 2018-02-12 11:34:28 +01:00 · 09e85c97c8
commit 09e85c97c8
parent 0d35fd46a1
1 changed files with 10 additions and 5 deletions
--- a/print-null.c
+++ b/print-null.c
@ -30,8 +30,11 @@
 #include <string.h>

 #include "netdissect.h"
+#include "extract.h"
 #include "af.h"

+static const char tstr[] = " [|null]";
+
 /*
 * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order
 * 32-bit integer that specifies the family, e.g. AF_INET.
@ -77,13 +80,12 @@ null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
 {
 	u_int length = h->len;
 	u_int caplen = h->caplen;
-	u_int family;
+	uint32_t family;

-	if (caplen < NULL_HDRLEN) {
-		ND_PRINT("[|null]");
-		return (NULL_HDRLEN);
-	}
+	if (caplen < NULL_HDRLEN)
+		goto trunc;

+	ND_TCHECK_4(p);
 	memcpy((char *)&family, (const char *)p, sizeof(family));

 	/*
@ -136,6 +138,9 @@ null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
 			ND_DEFAULTPRINT(p, caplen);
 	}

+	return (NULL_HDRLEN);
+trunc:
+	ND_PRINT("%s", tstr);
 	return (NULL_HDRLEN);
 }