mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2025-01-21 15:18:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check for a too-small NBP length before subtracting the header size

Browse Source 
(from OpenBSD's "print-atalk.c").
This commit is contained in:
guy 2002-02-05 10:03:34 +00:00
parent b654029413
commit d47c1a036a
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
print-atalk.c
View File

@ -23,7 +23,7 @@
#ifndef lint #ifndef lint
static const char rcsid[] = static const char rcsid[] =
"@(#) $Header: /tcpdump/master/tcpdump/print-atalk.c,v 1.70 2001-11-15 08:23:12 itojun Exp $ (LBL)"; "@(#) $Header: /tcpdump/master/tcpdump/print-atalk.c,v 1.71 2002-02-05 10:03:34 guy Exp $ (LBL)";
#endif #endif
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
@ -112,6 +112,14 @@ llap_print(register const u_char *bp, u_int length)
register const struct atShortDDP *sdp; register const struct atShortDDP *sdp;
u_short snet; u_short snet;
/*
* Our packet is on a 4-byte boundary, as we're either called
* directly from a top-level link-layer printer (ltalk_if_print)
* or from the UDP printer. The LLAP+DDP header is a multiple
* of 4 bytes in length, so the DDP payload is also on a 4-byte
* boundary, and we don't need to align it before calling
* "ddp_print()".
*/
lp = (const struct LAP *)bp; lp = (const struct LAP *)bp;
bp += sizeof(*lp); bp += sizeof(*lp);
length -= sizeof(*lp); length -= sizeof(*lp);
@ -394,6 +402,11 @@ nbp_print(register const struct atNBP *np, u_int length, register u_short snet,
int i; int i;
const u_char *ep; const u_char *ep;
if (length < nbpHeaderSize) {
(void)printf(" truncated-nbp %d", length);
return;
}
length -= nbpHeaderSize; length -= nbpHeaderSize;
if (length < 8) { if (length < 8) {
/* must be room for at least one tuple */ /* must be room for at least one tuple */