CVE-2017-13040/MPTCP: Clean up printing DSS suboption.

[tcpdump] / print-atalk.c

diff --git a/print-atalk.c b/print-atalk.c
index cd4812f3f79e2fc0c2cea2968c084d5a7a809e47..9d7d69d3d790189f01ca5d430980b98d021d2ac4 100644 (file)
--- a/print-atalk.c
+++ b/print-atalk.c
@@ -17,8 +17,6 @@
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * Format and print AppleTalk packets.
  */
 
 /* \summary: AppleTalk printer */
@@ -79,7 +77,14 @@ u_int
 ltalk_if_print(netdissect_options *ndo,
                const struct pcap_pkthdr *h, const u_char *p)
 {
-       return (llap_print(ndo, p, h->caplen));
+       u_int hdrlen;
+
+       hdrlen = llap_print(ndo, p, h->len);
+       if (hdrlen == 0) {
+               /* Cut short by the snapshot length. */
+               return (h->caplen);
+       }
+       return (hdrlen);
 }
 
 /*
@@ -99,6 +104,10 @@ llap_print(netdissect_options *ndo,
                ND_PRINT((ndo, " [|llap %u]", length));
                return (length);
        }
+       if (!ND_TTEST2(*bp, sizeof(*lp))) {
+               ND_PRINT((ndo, " [|llap]"));
+               return (0);     /* cut short by the snapshot length */
+       }
        lp = (const struct LAP *)bp;
        bp += sizeof(*lp);
        length -= sizeof(*lp);
@@ -110,6 +119,10 @@ llap_print(netdissect_options *ndo,
                        ND_PRINT((ndo, " [|sddp %u]", length));
                        return (length);
                }
+               if (!ND_TTEST2(*bp, ddpSSize)) {
+                       ND_PRINT((ndo, " [|sddp]"));
+                       return (0);     /* cut short by the snapshot length */
+               }
                sdp = (const struct atShortDDP *)bp;
                ND_PRINT((ndo, "%s.%s",
                    ataddr_string(ndo, 0, lp->src), ddpskt_string(ndo, sdp->srcSkt)));
@@ -126,6 +139,10 @@ llap_print(netdissect_options *ndo,
                        ND_PRINT((ndo, " [|ddp %u]", length));
                        return (length);
                }
+               if (!ND_TTEST2(*bp, ddpSize)) {
+                       ND_PRINT((ndo, " [|ddp]"));
+                       return (0);     /* cut short by the snapshot length */
+               }
                dp = (const struct atDDP *)bp;
                snet = EXTRACT_16BITS(&dp->srcNet);
                ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode),
@@ -172,6 +189,10 @@ atalk_print(netdissect_options *ndo,
                ND_PRINT((ndo, " [|ddp %u]", length));
                return;
        }
+       if (!ND_TTEST2(*bp, ddpSize)) {
+               ND_PRINT((ndo, " [|ddp]"));
+               return;
+       }
        dp = (const struct atDDP *)bp;
        snet = EXTRACT_16BITS(&dp->srcNet);
        ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode),
@@ -195,6 +216,15 @@ aarp_print(netdissect_options *ndo,
 
        ND_PRINT((ndo, "aarp "));
        ap = (const struct aarp *)bp;
+       if (!ND_TTEST(*ap)) {
+               /* Just bail if we don't have the whole chunk. */
+               ND_PRINT((ndo, " [|aarp]"));
+               return;
+       }
+       if (length < sizeof(*ap)) {
+               ND_PRINT((ndo, " [|aarp %u]", length));
+               return;
+       }
        if (EXTRACT_16BITS(&ap->htype) == 1 &&
            EXTRACT_16BITS(&ap->ptype) == ETHERTYPE_ATALK &&
            ap->halen == 6 && ap->palen == 4 )