aboutsummaryrefslogtreecommitdiff
path: root/contrib/tcpdump/print-ip6.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/tcpdump/print-ip6.c')
-rw-r--r--contrib/tcpdump/print-ip6.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/contrib/tcpdump/print-ip6.c b/contrib/tcpdump/print-ip6.c
index 9f590f2af4e1..a634d7b83117 100644
--- a/contrib/tcpdump/print-ip6.c
+++ b/contrib/tcpdump/print-ip6.c
@@ -280,6 +280,8 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
advance = sizeof(struct ip6_hdr);
nh = ip6->ip6_nxt;
while (cp < ndo->ndo_snapend && advance > 0) {
+ if (len < (u_int)advance)
+ goto trunc;
cp += advance;
len -= advance;
@@ -322,10 +324,15 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
* mobility header.
*/
advance = mobility_print(ndo, cp, (const u_char *)ip6);
+ if (advance < 0)
+ return;
nh = *cp;
return;
case IPPROTO_ROUTING:
+ ND_TCHECK(*cp);
advance = rt6_print(ndo, cp, (const u_char *)ip6);
+ if (advance < 0)
+ return;
nh = *cp;
break;
case IPPROTO_SCTP:
@@ -345,12 +352,16 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
return;
case IPPROTO_AH:
advance = ah_print(ndo, cp);
+ if (advance < 0)
+ return;
nh = *cp;
break;
case IPPROTO_ESP:
{
int enh, padlen;
advance = esp_print(ndo, cp, len, (const u_char *)ip6, &enh, &padlen);
+ if (advance < 0)
+ return;
nh = enh & 0xff;
len -= padlen;
break;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 18:58:02 +0000