*/
+#ifndef lint
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.17 2003-12-26 23:20:58 guy Exp $";
+#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#include "interface.h"
#include "extract.h"
-#ifndef lint
-static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.15 2003-11-15 00:39:30 guy Exp $";
-#endif
static char tstr[] = " [|l2tp]";
#ifndef TRUE
TCHECK(*ptr); /* Flags & Length */
len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK;
- /* If it is not long enough to decode the entire AVP, we'll
- abandon. */
+ /* If it is not long enough to contain the header, we'll give up. */
+ if (len < 6)
+ goto trunc;
+
+ /* If it goes past the end of the remaining length of the packet,
+ we'll give up. */
+ if (len > (u_int)length)
+ goto trunc;
+
+ /* If it goes past the end of the remaining length of the captured
+ data, we'll give up. */
TCHECK2(*ptr, len);
/* After this point, no need to worry about truncation */