CVE-2017-13038/PPP: Do bounds checking.

[tcpdump] / print-ppp.c

diff --git a/print-ppp.c b/print-ppp.c
index d07763cb1cadff5f54cffb561dd7b56333bde99f..891761728bbb7450368c7b838e8a82c1d7c681bd 100644 (file)
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -811,6 +811,15 @@ handle_mlppp(netdissect_options *ndo,
     if (!ndo->ndo_eflag)
         ND_PRINT((ndo, "MLPPP, "));
 
+    if (length < 2) {
+        ND_PRINT((ndo, "[|mlppp]"));
+        return;
+    }
+    if (!ND_TTEST_16BITS(p)) {
+        ND_PRINT((ndo, "[|mlppp]"));
+        return;
+    }
+
     ND_PRINT((ndo, "seq 0x%03x, Flags [%s], length %u",
            (EXTRACT_16BITS(p))&0x0fff, /* only support 12-Bit sequence space for now */
            bittok2str(ppp_ml_flag_values, "none", *p & 0xc0),