The packet length must be <= MAXIMUM_SNAPLEN.
Currently, there is no D-Bus printer, thus no need for a bigger length.
Now a packet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.
Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
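
The validity conditions listed above, together with the clamping applied to the fuzzed files, as an added example (not code from tcpdump or from this commit). The helper and flag names are hypothetical, the `MAXIMUM_SNAPLEN` value is an assumption, and the record header is assumed to be the 16-byte little-endian pcap layout.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed value for this example; tcpdump's own headers define the real one. */
#define MAXIMUM_SNAPLEN 262144u

/* One bit per failed condition from the list above (hypothetical names). */
enum {
    BAD_CAPLEN_ZERO = 1 << 0,
    BAD_LEN_ZERO    = 1 << 1,
    BAD_CAPLEN_BIG  = 1 << 2,
    BAD_LEN_BIG     = 1 << 3,
    BAD_LEN_SHORT   = 1 << 4,  /* packet length < capture length */
    BAD_TRUNCATED   = 1 << 5   /* fewer than 16 header bytes available */
};

/* Constructed sample record header: caplen = 64, len = 0xffffffff. */
static const unsigned char SAMPLE_FUZZED[16] =
    { 0,0,0,0, 0,0,0,0, 0x40,0,0,0, 0xff,0xff,0xff,0xff };

static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_le32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v & 0xff);         p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff); p[3] = (unsigned char)((v >> 24) & 0xff);
}

/* Returns 0 when all five conditions hold, otherwise a mask of the failures. */
static unsigned check_lengths(uint32_t caplen, uint32_t len) {
    unsigned bad = 0;
    if (caplen == 0)              bad |= BAD_CAPLEN_ZERO;
    if (len == 0)                 bad |= BAD_LEN_ZERO;
    if (caplen > MAXIMUM_SNAPLEN) bad |= BAD_CAPLEN_BIG;
    if (len > MAXIMUM_SNAPLEN)    bad |= BAD_LEN_BIG;
    if (len < caplen)             bad |= BAD_LEN_SHORT;
    return bad;
}

/* rec: pcap record header laid out as ts_sec, ts_usec, caplen, len. */
static unsigned check_record(const unsigned char *rec, size_t avail) {
    if (avail < 16) return BAD_TRUNCATED;  /* never read past the buffer */
    return check_lengths(rd_le32(rec + 8), rd_le32(rec + 12));
}

/* Clamp oversized lengths in place, as described for the fuzzed files. */
static void clamp_record(unsigned char *rec) {
    if (rd_le32(rec + 8) > MAXIMUM_SNAPLEN)  wr_le32(rec + 8, MAXIMUM_SNAPLEN);
    if (rd_le32(rec + 12) > MAXIMUM_SNAPLEN) wr_le32(rec + 12, MAXIMUM_SNAPLEN);
}
```

Clamping only addresses the two upper-bound conditions; a header with a zero length, or with packet length below capture length, still fails the check afterwards.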
bgp_mvpn_6_and_7 && bgp_pmsi_tunnel-oobr && bgp_vpn_rt-oobr: All contained illegal prefix lengths in the withdrawn routes section, i.e. greater than 32 for IPv4, so I modified the .pcap files to have legal prefixes so that the BGP wasn't truncated and updated the withdrawn routes in the test.out.
decode_rt_routing_info() didn't check bounds before fetching 4 octets of
the origin AS field and could over-read the input buffer, put it right.
It also fetched the varying number of octets of the route target field
from 4 octets lower than the correct offset, put it right.
It also used the same temporary buffer explicitly through as_printf()
and implicitly through bgp_vpn_rd_print() so the end result of snprintf()
was not what was originally intended.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s).