diff options
| author | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-01-31 16:26:21 +0000 |
|---|---|---|
| committer | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-01-31 16:26:21 +0000 |
| commit | d3b6650ba68c44e3a488aac17bbe56d0cd0e870d (patch) | |
| tree | 372984dfa0bd4ecdc121d7d9fd2e6688438cad39 | |
| parent | aae6b2073aeb7ba1118183bb52286e44dd04df28 (diff) | |
Notes
| -rw-r--r-- | print-atm.c | 15 | ||||
| -rw-r--r-- | print-llc.c | 15 |
2 files changed, 25 insertions, 5 deletions
diff --git a/print-atm.c b/print-atm.c index 2531880b40ef..9361065937b2 100644 --- a/print-atm.c +++ b/print-atm.c @@ -165,7 +165,7 @@ atm_if_print(netdissect_options *ndo, uint32_t llchdr; u_int hdrlen = 0; - if (caplen < 8) { + if (caplen < 1 || length < 1) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } @@ -179,6 +179,15 @@ atm_if_print(netdissect_options *ndo, } /* + * Must have at least a DSAP, an SSAP, and the first byte of the + * control field. + */ + if (caplen < 3 || length < 3) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } + + /* * Extract the presumed LLC header into a variable, for quick * testing. * Then check for a header that's neither a header for a SNAP @@ -205,6 +214,10 @@ atm_if_print(netdissect_options *ndo, * packets? If so, could it be changed to use a * new DLT_IEEE802_6 value if we added it? */ + if (caplen < 20 || length < 20) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } if (ndo->ndo_eflag) ND_PRINT((ndo, "%08x%08x %08x%08x ", EXTRACT_32BITS(p), diff --git a/print-llc.c b/print-llc.c index e78378d05b5a..e8a3314c5c79 100644 --- a/print-llc.c +++ b/print-llc.c @@ -151,10 +151,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, *extracted_ethertype = 0; - if (caplen < 3) { + if (caplen < 3 || length < 3) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } dsap_field = *p; @@ -177,10 +177,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, * The control field in I and S frames is * 2 bytes... */ - if (caplen < 4) { + if (caplen < 4 || length < 4) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } /* @@ -240,6 +240,11 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, if (ssap == LLCSAP_IP && dsap == LLCSAP_IP && control == LLC_UI) { + if (caplen < 4 || length < 4) { + ND_PRINT((ndo, "[|llc]")); + ND_DEFAULTPRINT((u_char *)p, caplen); + return (1); + } ip_print(ndo, p+4, length-4); return (1); } @@ -368,6 +373,8 @@ snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, register int ret; ND_TCHECK2(*p, 5); + if (caplen < 5 || length < 5) + goto trunc; orgcode = EXTRACT_24BITS(p); et = EXTRACT_16BITS(p + 3); |