diff options
| author | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-01-31 16:34:39 +0000 |
|---|---|---|
| committer | Pedro F. Giffuni <pfg@FreeBSD.org> | 2015-01-31 16:34:39 +0000 |
| commit | 4a7f186ea65ba48cfe871b01857164f3e0b3305e (patch) | |
| tree | f46d7ea2dedfde6a94703a6c5f21238decc4168f | |
| parent | 2b8b8321e3141dd7fa92381bfbb7aa001d13e31b (diff) | |
| parent | d3b6650ba68c44e3a488aac17bbe56d0cd0e870d (diff) | |
| download | src-4a7f186ea65ba48cfe871b01857164f3e0b3305e.tar.gz src-4a7f186ea65ba48cfe871b01857164f3e0b3305e.zip | |
Notes
| -rw-r--r-- | contrib/tcpdump/print-atm.c | 15 | ||||
| -rw-r--r-- | contrib/tcpdump/print-llc.c | 15 |
2 files changed, 25 insertions, 5 deletions
diff --git a/contrib/tcpdump/print-atm.c b/contrib/tcpdump/print-atm.c index b352579ea4d9..1676a86471c4 100644 --- a/contrib/tcpdump/print-atm.c +++ b/contrib/tcpdump/print-atm.c @@ -167,7 +167,7 @@ atm_if_print(netdissect_options *ndo, uint32_t llchdr; u_int hdrlen = 0; - if (caplen < 8) { + if (caplen < 1 || length < 1) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } @@ -181,6 +181,15 @@ atm_if_print(netdissect_options *ndo, } /* + * Must have at least a DSAP, an SSAP, and the first byte of the + * control field. + */ + if (caplen < 3 || length < 3) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } + + /* * Extract the presumed LLC header into a variable, for quick * testing. * Then check for a header that's neither a header for a SNAP @@ -207,6 +216,10 @@ atm_if_print(netdissect_options *ndo, * packets? If so, could it be changed to use a * new DLT_IEEE802_6 value if we added it? */ + if (caplen < 20 || length < 20) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } if (ndo->ndo_eflag) ND_PRINT((ndo, "%08x%08x %08x%08x ", EXTRACT_32BITS(p), diff --git a/contrib/tcpdump/print-llc.c b/contrib/tcpdump/print-llc.c index 82da55b1d732..78b863103df1 100644 --- a/contrib/tcpdump/print-llc.c +++ b/contrib/tcpdump/print-llc.c @@ -153,10 +153,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, *extracted_ethertype = 0; - if (caplen < 3) { + if (caplen < 3 || length < 3) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } dsap_field = *p; @@ -179,10 +179,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, * The control field in I and S frames is * 2 bytes... */ - if (caplen < 4) { + if (caplen < 4 || length < 4) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } /* @@ -242,6 +242,11 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, if (ssap == LLCSAP_IP && dsap == LLCSAP_IP && control == LLC_UI) { + if (caplen < 4 || length < 4) { + ND_PRINT((ndo, "[|llc]")); + ND_DEFAULTPRINT((u_char *)p, caplen); + return (1); + } ip_print(ndo, p+4, length-4); return (1); } @@ -370,6 +375,8 @@ snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, register int ret; ND_TCHECK2(*p, 5); + if (caplen < 5 || length < 5) + goto trunc; orgcode = EXTRACT_24BITS(p); et = EXTRACT_16BITS(p + 3); |