Handle very large -f files by rejecting them.

[tcpdump] / print-pgm.c
diff --git a/print-pgm.c b/print-pgm.c

index fc2b0cccd5536494d01abc1a9fade0fd285b4ece..8340f2c3eb43f5d05f0ba7048f78efbfa84e6635 100644 (file)
--- a/print-pgm.c
+++ b/print-pgm.c
@@ -13,20 +13,21 @@
   * Original code by Andy Heffernan ([email protected])
   */
  
+/* \summary: Pragmatic General Multicast (PGM) printer */
+
  #ifdef HAVE_CONFIG_H
  #include "config.h"
  #endif
  
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
  
-#include "interface.h"
+#include "netdissect.h"
  #include "extract.h"
  #include "addrtoname.h"
+#include "addrtostr.h"
  
  #include "ip.h"
-#ifdef INET6
  #include "ip6.h"
-#endif
  #include "ipproto.h"
  #include "af.h"
  
@@ -150,76 +151,56 @@ pgm_print(netdissect_options *ndo,
         register const struct ip *ip;
         register char ch;
         uint16_t sport, dport;
-       int addr_size;
-       const void *nla;
-       int nla_af;
-#ifdef INET6
+       u_int nla_afnum;
         char nla_buf[INET6_ADDRSTRLEN];
         register const struct ip6_hdr *ip6;
-#else
-       char nla_buf[INET_ADDRSTRLEN];
-#endif
         uint8_t opt_type, opt_len;
         uint32_t seq, opts_len, len, offset;
  
         pgm = (const struct pgm_header *)bp;
         ip = (const struct ip *)bp2;
-#ifdef INET6
         if (IP_V(ip) == 6)
                 ip6 = (const struct ip6_hdr *)bp2;
         else
                 ip6 = NULL;
-#else /* INET6 */
-       if (IP_V(ip) == 6) {
-               ND_PRINT((ndo, "Can't handle IPv6"));
-               return;
-       }
-#endif /* INET6 */
         ch = '\0';
         if (!ND_TTEST(pgm->pgm_dport)) {
-#ifdef INET6
                 if (ip6) {
                         ND_PRINT((ndo, "%s > %s: [|pgm]",
                                 ip6addr_string(ndo, &ip6->ip6_src),
                                 ip6addr_string(ndo, &ip6->ip6_dst)));
-                       return;
-               } else
-#endif /* INET6 */
-               {
+               } else {
                         ND_PRINT((ndo, "%s > %s: [|pgm]",
                                 ipaddr_string(ndo, &ip->ip_src),
                                 ipaddr_string(ndo, &ip->ip_dst)));
-                       return;
                 }
+               return;
         }
  
         sport = EXTRACT_16BITS(&pgm->pgm_sport);
         dport = EXTRACT_16BITS(&pgm->pgm_dport);
  
-#ifdef INET6
         if (ip6) {
                 if (ip6->ip6_nxt == IPPROTO_PGM) {
                         ND_PRINT((ndo, "%s.%s > %s.%s: ",
                                 ip6addr_string(ndo, &ip6->ip6_src),
-                               tcpport_string(sport),
+                               tcpport_string(ndo, sport),
                                 ip6addr_string(ndo, &ip6->ip6_dst),
-                               tcpport_string(dport)));
+                               tcpport_string(ndo, dport)));
                 } else {
                         ND_PRINT((ndo, "%s > %s: ",
-                               tcpport_string(sport), tcpport_string(dport)));
+                               tcpport_string(ndo, sport), tcpport_string(ndo, dport)));
                 }
-       } else
-#endif /*INET6*/
-       {
+       } else {
                 if (ip->ip_p == IPPROTO_PGM) {
                         ND_PRINT((ndo, "%s.%s > %s.%s: ",
                                 ipaddr_string(ndo, &ip->ip_src),
-                               tcpport_string(sport),
+                               tcpport_string(ndo, sport),
                                 ipaddr_string(ndo, &ip->ip_dst),
-                               tcpport_string(dport)));
+                               tcpport_string(ndo, dport)));
                 } else {
                         ND_PRINT((ndo, "%s > %s: ",
-                               tcpport_string(sport), tcpport_string(dport)));
+                               tcpport_string(ndo, sport), tcpport_string(ndo, dport)));
                 }
         }
  
@@ -243,28 +224,24 @@ pgm_print(netdissect_options *ndo,
  
             spm = (const struct pgm_spm *)(pgm + 1);
             ND_TCHECK(*spm);
+           bp = (const u_char *) (spm + 1);
  
             switch (EXTRACT_16BITS(&spm->pgms_nla_afi)) {
             case AFNUM_INET:
-               addr_size = sizeof(struct in_addr);
-               nla_af = AF_INET;
+               ND_TCHECK2(*bp, sizeof(struct in_addr));
+               addrtostr(bp, nla_buf, sizeof(nla_buf));
+               bp += sizeof(struct in_addr);
                 break;
-#ifdef INET6
             case AFNUM_INET6:
-               addr_size = sizeof(struct in6_addr);
-               nla_af = AF_INET6;
+               ND_TCHECK2(*bp, sizeof(struct in6_addr));
+               addrtostr6(bp, nla_buf, sizeof(nla_buf));
+               bp += sizeof(struct in6_addr);
                 break;
-#endif
             default:
                 goto trunc;
                 break;
             }
-           bp = (const u_char *) (spm + 1);
-           ND_TCHECK2(*bp, addr_size);
-           nla = bp;
-           bp += addr_size;
  
-           inet_ntop(nla_af, nla, nla_buf, sizeof(nla_buf));
             ND_PRINT((ndo, "SPM seq %u trail %u lead %u nla %s",
                          EXTRACT_32BITS(&spm->pgms_seq),
                           EXTRACT_32BITS(&spm->pgms_trailseq),
@@ -274,14 +251,14 @@ pgm_print(netdissect_options *ndo,
         }
  
         case PGM_POLL: {
-           const struct pgm_poll *poll;
+           const struct pgm_poll *poll_msg;
  
-           poll = (const struct pgm_poll *)(pgm + 1);
-           ND_TCHECK(*poll);
+           poll_msg = (const struct pgm_poll *)(pgm + 1);
+           ND_TCHECK(*poll_msg);
             ND_PRINT((ndo, "POLL seq %u round %u",
-                        EXTRACT_32BITS(&poll->pgmp_seq),
-                         EXTRACT_16BITS(&poll->pgmp_round)));
-           bp = (const u_char *) (poll + 1);
+                        EXTRACT_32BITS(&poll_msg->pgmp_seq),
+                         EXTRACT_16BITS(&poll_msg->pgmp_round)));
+           bp = (const u_char *) (poll_msg + 1);
             break;
         }
         case PGM_POLR: {
@@ -290,28 +267,23 @@ pgm_print(netdissect_options *ndo,
  
             polr = (const struct pgm_polr *)(pgm + 1);
             ND_TCHECK(*polr);
+           bp = (const u_char *) (polr + 1);
  
             switch (EXTRACT_16BITS(&polr->pgmp_nla_afi)) {
             case AFNUM_INET:
-               addr_size = sizeof(struct in_addr);
-               nla_af = AF_INET;
+               ND_TCHECK2(*bp, sizeof(struct in_addr));
+               addrtostr(bp, nla_buf, sizeof(nla_buf));
+               bp += sizeof(struct in_addr);
                 break;
-#ifdef INET6
             case AFNUM_INET6:
-               addr_size = sizeof(struct in6_addr);
-               nla_af = AF_INET6;
+               ND_TCHECK2(*bp, sizeof(struct in6_addr));
+               addrtostr6(bp, nla_buf, sizeof(nla_buf));
+               bp += sizeof(struct in6_addr);
                 break;
-#endif
             default:
                 goto trunc;
                 break;
             }
-           bp = (const u_char *) (polr + 1);
-           ND_TCHECK2(*bp, addr_size);
-           nla = bp;
-           bp += addr_size;
-
-           inet_ntop(nla_af, nla, nla_buf, sizeof(nla_buf));
  
             ND_TCHECK2(*bp, sizeof(uint32_t));
             ivl = EXTRACT_32BITS(bp);
@@ -358,16 +330,11 @@ pgm_print(netdissect_options *ndo,
         case PGM_NULLNAK:
         case PGM_NCF: {
             const struct pgm_nak *nak;
-           const void *source, *group;
-           int source_af, group_af;
-#ifdef INET6
             char source_buf[INET6_ADDRSTRLEN], group_buf[INET6_ADDRSTRLEN];
-#else
-           char source_buf[INET_ADDRSTRLEN], group_buf[INET_ADDRSTRLEN];
-#endif
  
             nak = (const struct pgm_nak *)(pgm + 1);
             ND_TCHECK(*nak);
+           bp = (const u_char *) (nak + 1);
  
             /*
              * Skip past the source, saving info along the way
@@ -375,53 +342,45 @@ pgm_print(netdissect_options *ndo,
              */
             switch (EXTRACT_16BITS(&nak->pgmn_source_afi)) {
             case AFNUM_INET:
-               addr_size = sizeof(struct in_addr);
-               source_af = AF_INET;
+               ND_TCHECK2(*bp, sizeof(struct in_addr));
+               addrtostr(bp, source_buf, sizeof(source_buf));
+               bp += sizeof(struct in_addr);
                 break;
-#ifdef INET6
             case AFNUM_INET6:
-               addr_size = sizeof(struct in6_addr);
-               source_af = AF_INET6;
+               ND_TCHECK2(*bp, sizeof(struct in6_addr));
+               addrtostr6(bp, source_buf, sizeof(source_buf));
+               bp += sizeof(struct in6_addr);
                 break;
-#endif
             default:
                 goto trunc;
                 break;
             }
-           bp = (const u_char *) (nak + 1);
-           ND_TCHECK2(*bp, addr_size);
-           source = bp;
-           bp += addr_size;
  
             /*
              * Skip past the group, saving info along the way
              * and stopping if we don't have enough.
              */
+           bp += (2 * sizeof(uint16_t));
+           ND_TCHECK_16BITS(bp);
             switch (EXTRACT_16BITS(bp)) {
             case AFNUM_INET:
-               addr_size = sizeof(struct in_addr);
-               group_af = AF_INET;
+               ND_TCHECK2(*bp, sizeof(struct in_addr));
+               addrtostr(bp, group_buf, sizeof(group_buf));
+               bp += sizeof(struct in_addr);
                 break;
-#ifdef INET6
             case AFNUM_INET6:
-               addr_size = sizeof(struct in6_addr);
-               group_af = AF_INET6;
+               ND_TCHECK2(*bp, sizeof(struct in6_addr));
+               addrtostr6(bp, group_buf, sizeof(group_buf));
+               bp += sizeof(struct in6_addr);
                 break;
-#endif
             default:
                 goto trunc;
                 break;
             }
-           bp += (2 * sizeof(uint16_t));
-           ND_TCHECK2(*bp, addr_size);
-           group = bp;
-           bp += addr_size;
  
             /*
              * Options decoding can go here.
              */
-           inet_ntop(source_af, source, source_buf, sizeof(source_buf));
-           inet_ntop(group_af, group, group_buf, sizeof(group_buf));
             switch (pgm->pgm_type) {
                 case PGM_NAK:
                     ND_PRINT((ndo, "NAK "));
@@ -498,6 +457,10 @@ pgm_print(netdissect_options *ndo,
                     ND_PRINT((ndo, "[Total option length leaves no room for final option]"));
                     return;
                 }
+               if (!ND_TTEST2(*bp, 2)) {
+                   ND_PRINT((ndo, " [|OPT]"));
+                   return;
+               }
                 opt_type = *bp++;
                 opt_len = *bp++;
                 if (opt_len < PGM_MIN_OPT_LEN) {
@@ -516,163 +479,191 @@ pgm_print(netdissect_options *ndo,
  
                 switch (opt_type & PGM_OPT_MASK) {
                 case PGM_OPT_LENGTH:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_LENGTH option, length %u != 4]", opt_len));
+#define PGM_OPT_LENGTH_LEN     (2+2)
+                   if (opt_len != PGM_OPT_LENGTH_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_LENGTH option, length %u != %u]",
+                           opt_len, PGM_OPT_LENGTH_LEN));
                         return;
                     }
                     ND_PRINT((ndo, " OPTS LEN (extra?) %d", EXTRACT_16BITS(bp)));
-                   bp += sizeof(uint16_t);
-                   opts_len -= 4;
+                   bp += 2;
+                   opts_len -= PGM_OPT_LENGTH_LEN;
                     break;
  
                 case PGM_OPT_FRAGMENT:
-                   if (opt_len != 16) {
-                       ND_PRINT((ndo, "[Bad OPT_FRAGMENT option, length %u != 16]", opt_len));
+#define PGM_OPT_FRAGMENT_LEN   (2+2+4+4+4)
+                   if (opt_len != PGM_OPT_FRAGMENT_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_FRAGMENT option, length %u != %u]",
+                           opt_len, PGM_OPT_FRAGMENT_LEN));
                         return;
                     }
                     bp += 2;
                     seq = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     offset = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     len = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " FRAG seq %u off %u len %u", seq, offset, len));
-                   opts_len -= 16;
+                   opts_len -= PGM_OPT_FRAGMENT_LEN;
                     break;
  
                 case PGM_OPT_NAK_LIST:
                     bp += 2;
-                   opt_len -= sizeof(uint32_t);        /* option header */
+                   opt_len -= 4;       /* option header */
                     ND_PRINT((ndo, " NAK LIST"));
                     while (opt_len) {
-                       if (opt_len < sizeof(uint32_t)) {
+                       if (opt_len < 4) {
                             ND_PRINT((ndo, "[Option length not a multiple of 4]"));
                             return;
                         }
-                       ND_TCHECK2(*bp, sizeof(uint32_t));
+                       ND_TCHECK2(*bp, 4);
                         ND_PRINT((ndo, " %u", EXTRACT_32BITS(bp)));
-                       bp += sizeof(uint32_t);
-                       opt_len -= sizeof(uint32_t);
-                       opts_len -= sizeof(uint32_t);
+                       bp += 4;
+                       opt_len -= 4;
+                       opts_len -= 4;
                     }
                     break;
  
                 case PGM_OPT_JOIN:
-                   if (opt_len != 8) {
-                       ND_PRINT((ndo, "[Bad OPT_JOIN option, length %u != 8]", opt_len));
+#define PGM_OPT_JOIN_LEN       (2+2+4)
+                   if (opt_len != PGM_OPT_JOIN_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_JOIN option, length %u != %u]",
+                           opt_len, PGM_OPT_JOIN_LEN));
                         return;
                     }
                     bp += 2;
                     seq = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " JOIN %u", seq));
-                   opts_len -= 8;
+                   opts_len -= PGM_OPT_JOIN_LEN;
                     break;
  
                 case PGM_OPT_NAK_BO_IVL:
-                   if (opt_len != 12) {
-                       ND_PRINT((ndo, "[Bad OPT_NAK_BO_IVL option, length %u != 12]", opt_len));
+#define PGM_OPT_NAK_BO_IVL_LEN (2+2+4+4)
+                   if (opt_len != PGM_OPT_NAK_BO_IVL_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_NAK_BO_IVL option, length %u != %u]",
+                           opt_len, PGM_OPT_NAK_BO_IVL_LEN));
                         return;
                     }
                     bp += 2;
                     offset = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     seq = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " BACKOFF ivl %u ivlseq %u", offset, seq));
-                   opts_len -= 12;
+                   opts_len -= PGM_OPT_NAK_BO_IVL_LEN;
                     break;
  
                 case PGM_OPT_NAK_BO_RNG:
-                   if (opt_len != 12) {
-                       ND_PRINT((ndo, "[Bad OPT_NAK_BO_RNG option, length %u != 12]", opt_len));
+#define PGM_OPT_NAK_BO_RNG_LEN (2+2+4+4)
+                   if (opt_len != PGM_OPT_NAK_BO_RNG_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_NAK_BO_RNG option, length %u != %u]",
+                           opt_len, PGM_OPT_NAK_BO_RNG_LEN));
                         return;
                     }
                     bp += 2;
                     offset = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     seq = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " BACKOFF max %u min %u", offset, seq));
-                   opts_len -= 12;
+                   opts_len -= PGM_OPT_NAK_BO_RNG_LEN;
                     break;
  
                 case PGM_OPT_REDIRECT:
+#define PGM_OPT_REDIRECT_FIXED_LEN     (2+2+2+2)
+                   if (opt_len < PGM_OPT_REDIRECT_FIXED_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_REDIRECT option, length %u < %u]",
+                           opt_len, PGM_OPT_REDIRECT_FIXED_LEN));
+                       return;
+                   }
                     bp += 2;
-                   switch (EXTRACT_16BITS(bp)) {
+                   nla_afnum = EXTRACT_16BITS(bp);
+                   bp += 2+2;
+                   switch (nla_afnum) {
                     case AFNUM_INET:
-                       addr_size = sizeof(struct in_addr);
-                       nla_af = AF_INET;
+                       if (opt_len != PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_REDIRECT option, length %u != %u + address size]",
+                               opt_len, PGM_OPT_REDIRECT_FIXED_LEN));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in_addr));
+                       addrtostr(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in_addr);
+                       opts_len -= PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in_addr);
                         break;
-#ifdef INET6
                     case AFNUM_INET6:
-                       addr_size = sizeof(struct in6_addr);
-                       nla_af = AF_INET6;
+                       if (opt_len != PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in6_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_REDIRECT option, length %u != %u + address size]",
+                               PGM_OPT_REDIRECT_FIXED_LEN, opt_len));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in6_addr));
+                       addrtostr6(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in6_addr);
+                       opts_len -= PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in6_addr);
                         break;
-#endif
                     default:
                         goto trunc;
                         break;
                     }
-                   bp += (2 * sizeof(uint16_t));
-                   if (opt_len != 4 + addr_size) {
-                       ND_PRINT((ndo, "[Bad OPT_REDIRECT option, length %u != 4 + address size]", opt_len));
-                       return;
-                   }
-                   ND_TCHECK2(*bp, addr_size);
-                   nla = bp;
-                   bp += addr_size;
  
-                   inet_ntop(nla_af, nla, nla_buf, sizeof(nla_buf));
                     ND_PRINT((ndo, " REDIRECT %s",  nla_buf));
-                   opts_len -= 4 + addr_size;
                     break;
  
                 case PGM_OPT_PARITY_PRM:
-                   if (opt_len != 8) {
-                       ND_PRINT((ndo, "[Bad OPT_PARITY_PRM option, length %u != 8]", opt_len));
+#define PGM_OPT_PARITY_PRM_LEN (2+2+4)
+                   if (opt_len != PGM_OPT_PARITY_PRM_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_PARITY_PRM option, length %u != %u]",
+                           opt_len, PGM_OPT_PARITY_PRM_LEN));
                         return;
                     }
                     bp += 2;
                     len = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " PARITY MAXTGS %u", len));
-                   opts_len -= 8;
+                   opts_len -= PGM_OPT_PARITY_PRM_LEN;
                     break;
  
                 case PGM_OPT_PARITY_GRP:
-                   if (opt_len != 8) {
-                       ND_PRINT((ndo, "[Bad OPT_PARITY_GRP option, length %u != 8]", opt_len));
+#define PGM_OPT_PARITY_GRP_LEN (2+2+4)
+                   if (opt_len != PGM_OPT_PARITY_GRP_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_PARITY_GRP option, length %u != %u]",
+                           opt_len, PGM_OPT_PARITY_GRP_LEN));
                         return;
                     }
                     bp += 2;
                     seq = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " PARITY GROUP %u", seq));
-                   opts_len -= 8;
+                   opts_len -= PGM_OPT_PARITY_GRP_LEN;
                     break;
  
                 case PGM_OPT_CURR_TGSIZE:
-                   if (opt_len != 8) {
-                       ND_PRINT((ndo, "[Bad OPT_CURR_TGSIZE option, length %u != 8]", opt_len));
+#define PGM_OPT_CURR_TGSIZE_LEN        (2+2+4)
+                   if (opt_len != PGM_OPT_CURR_TGSIZE_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_CURR_TGSIZE option, length %u != %u]",
+                           opt_len, PGM_OPT_CURR_TGSIZE_LEN));
                         return;
                     }
                     bp += 2;
                     len = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
+                   bp += 4;
                     ND_PRINT((ndo, " PARITY ATGS %u", len));
-                   opts_len -= 8;
+                   opts_len -= PGM_OPT_CURR_TGSIZE_LEN;
                     break;
  
                 case PGM_OPT_NBR_UNREACH:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_NBR_UNREACH option, length %u != 4]", opt_len));
+#define PGM_OPT_NBR_UNREACH_LEN        (2+2)
+                   if (opt_len != PGM_OPT_NBR_UNREACH_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_NBR_UNREACH option, length %u != %u]",
+                           opt_len, PGM_OPT_NBR_UNREACH_LEN));
                         return;
                     }
                     bp += 2;
                     ND_PRINT((ndo, " NBR_UNREACH"));
-                   opts_len -= 4;
+                   opts_len -= PGM_OPT_NBR_UNREACH_LEN;
                     break;
  
                 case PGM_OPT_PATH_NLA:
@@ -682,33 +673,39 @@ pgm_print(netdissect_options *ndo,
                     break;
  
                 case PGM_OPT_SYN:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_SYN option, length %u != 4]", opt_len));
+#define PGM_OPT_SYN_LEN        (2+2)
+                   if (opt_len != PGM_OPT_SYN_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_SYN option, length %u != %u]",
+                           opt_len, PGM_OPT_SYN_LEN));
                         return;
                     }
                     bp += 2;
                     ND_PRINT((ndo, " SYN"));
-                   opts_len -= 4;
+                   opts_len -= PGM_OPT_SYN_LEN;
                     break;
  
                 case PGM_OPT_FIN:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_FIN option, length %u != 4]", opt_len));
+#define PGM_OPT_FIN_LEN        (2+2)
+                   if (opt_len != PGM_OPT_FIN_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_FIN option, length %u != %u]",
+                           opt_len, PGM_OPT_FIN_LEN));
                         return;
                     }
                     bp += 2;
                     ND_PRINT((ndo, " FIN"));
-                   opts_len -= 4;
+                   opts_len -= PGM_OPT_FIN_LEN;
                     break;
  
                 case PGM_OPT_RST:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_RST option, length %u != 4]", opt_len));
+#define PGM_OPT_RST_LEN        (2+2)
+                   if (opt_len != PGM_OPT_RST_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_RST option, length %u != %u]",
+                           opt_len, PGM_OPT_RST_LEN));
                         return;
                     }
                     bp += 2;
                     ND_PRINT((ndo, " RST"));
-                   opts_len -= 4;
+                   opts_len -= PGM_OPT_RST_LEN;
                     break;
  
                 case PGM_OPT_CR:
@@ -718,79 +715,101 @@ pgm_print(netdissect_options *ndo,
                     break;
  
                 case PGM_OPT_CRQST:
-                   if (opt_len != 4) {
-                       ND_PRINT((ndo, "[Bad OPT_CRQST option, length %u != 4]", opt_len));
+#define PGM_OPT_CRQST_LEN      (2+2)
+                   if (opt_len != PGM_OPT_CRQST_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_CRQST option, length %u != %u]",
+                           opt_len, PGM_OPT_CRQST_LEN));
                         return;
                     }
                     bp += 2;
                     ND_PRINT((ndo, " CRQST"));
-                   opts_len -= 4;
+                   opts_len -= PGM_OPT_CRQST_LEN;
                     break;
  
                 case PGM_OPT_PGMCC_DATA:
+#define PGM_OPT_PGMCC_DATA_FIXED_LEN   (2+2+4+2+2)
+                   if (opt_len < PGM_OPT_PGMCC_DATA_FIXED_LEN) {
+                       ND_PRINT((ndo, "[Bad OPT_PGMCC_DATA option, length %u < %u]",
+                           opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN));
+                       return;
+                   }
                     bp += 2;
                     offset = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
-                   switch (EXTRACT_16BITS(bp)) {
+                   bp += 4;
+                   nla_afnum = EXTRACT_16BITS(bp);
+                   bp += 2+2;
+                   switch (nla_afnum) {
                     case AFNUM_INET:
-                       addr_size = sizeof(struct in_addr);
-                       nla_af = AF_INET;
+                       if (opt_len != PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_PGMCC_DATA option, length %u != %u + address size]",
+                               opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in_addr));
+                       addrtostr(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in_addr);
+                       opts_len -= PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in_addr);
                         break;
-#ifdef INET6
                     case AFNUM_INET6:
-                       addr_size = sizeof(struct in6_addr);
-                       nla_af = AF_INET6;
+                       if (opt_len != PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in6_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_PGMCC_DATA option, length %u != %u + address size]",
+                               opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in6_addr));
+                       addrtostr6(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in6_addr);
+                       opts_len -= PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in6_addr);
                         break;
-#endif
                     default:
                         goto trunc;
                         break;
                     }
-                   bp += (2 * sizeof(uint16_t));
-                   if (opt_len != 12 + addr_size) {
-                       ND_PRINT((ndo, "[Bad OPT_PGMCC_DATA option, length %u != 12 + address size]", opt_len));
-                       return;
-                   }
-                   ND_TCHECK2(*bp, addr_size);
-                   nla = bp;
-                   bp += addr_size;
  
-                   inet_ntop(nla_af, nla, nla_buf, sizeof(nla_buf));
                     ND_PRINT((ndo, " PGMCC DATA %u %s", offset, nla_buf));
-                   opts_len -= 16;
                     break;
  
                 case PGM_OPT_PGMCC_FEEDBACK:
+#define PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN       (2+2+4+2+2)
+                   if (opt_len < PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN) {
+                       ND_PRINT((ndo, "[Bad PGM_OPT_PGMCC_FEEDBACK option, length %u < %u]",
+                           opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN));
+                       return;
+                   }
                     bp += 2;
                     offset = EXTRACT_32BITS(bp);
-                   bp += sizeof(uint32_t);
-                   switch (EXTRACT_16BITS(bp)) {
+                   bp += 4;
+                   nla_afnum = EXTRACT_16BITS(bp);
+                   bp += 2+2;
+                   switch (nla_afnum) {
                     case AFNUM_INET:
-                       addr_size = sizeof(struct in_addr);
-                       nla_af = AF_INET;
+                       if (opt_len != PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_PGMCC_FEEDBACK option, length %u != %u + address size]",
+                               opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in_addr));
+                       addrtostr(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in_addr);
+                       opts_len -= PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in_addr);
                         break;
-#ifdef INET6
                     case AFNUM_INET6:
-                       addr_size = sizeof(struct in6_addr);
-                       nla_af = AF_INET6;
+                       if (opt_len != PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in6_addr)) {
+                           ND_PRINT((ndo, "[Bad OPT_PGMCC_FEEDBACK option, length %u != %u + address size]",
+                               opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN));
+                           return;
+                       }
+                       ND_TCHECK2(*bp, sizeof(struct in6_addr));
+                       addrtostr6(bp, nla_buf, sizeof(nla_buf));
+                       bp += sizeof(struct in6_addr);
+                       opts_len -= PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in6_addr);
                         break;
-#endif
                     default:
                         goto trunc;
                         break;
                     }
-                   bp += (2 * sizeof(uint16_t));
-                   if (opt_len != 12 + addr_size) {
-                       ND_PRINT((ndo, "[Bad OPT_PGMCC_FEEDBACK option, length %u != 12 + address size]", opt_len));
-                       return;
-                   }
-                   ND_TCHECK2(*bp, addr_size);
-                   nla = bp;
-                   bp += addr_size;
  
-                   inet_ntop(nla_af, nla, nla_buf, sizeof(nla_buf));
                     ND_PRINT((ndo, " PGMCC FEEDBACK %u %s", offset, nla_buf));
-                   opts_len -= 16;
                     break;
  
                 default: