Do more bounds checking.
index dbb9f3702dc8f24a5e873d74b99e785c74d0b7c8..c0077eeb23dbe30f7e085790ce5442c3d4f2f4ab 100644 (file)
  *
  * Format and print bootp packets.
  */
+#ifndef lint
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/tcpdump/print-bootp.c,v 1.78.2.2 2005-05-06 04:19:39 guy Exp $ (LBL)";
+#endif
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #include "ether.h"
 #include "bootp.h"
 
-#ifndef lint
-static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-bootp.c,v 1.76 2003-11-15 00:39:17 guy Exp $ (LBL)";
-#endif
 static void rfc1048_print(const u_char *);
 static void cmu_print(const u_char *);
 
@@ -444,7 +444,10 @@ rfc1048_print(register const u_char *bp)
                case 'a':
                        /* ascii strings */
                        putchar('"');
-                       (void)fn_printn(bp, size, NULL);
+                       if (fn_printn(bp, size, snapend)) {
+                               putchar('"');
+                               goto trunc;
+                       }
                        putchar('"');
                        bp += size;
                        size = 0;
@@ -556,13 +559,21 @@ rfc1048_print(register const u_char *bp)
                                break;
 
                        case TAG_CLIENT_FQDN:
+                               /* option 81 should be at least 4 bytes long */
+                               if (len < 4)  {
+                                        printf("ERROR: options 81 len %u < 4 bytes", len);
+                                       break;
+                               }
                                if (*bp++)
                                        printf("[svrreg]");
                                if (*bp)
                                        printf("%u/%u/", *bp, *(bp+1));
                                bp += 2;
                                putchar('"');
-                               (void)fn_printn(bp, size - 3, NULL);
+                               if (fn_printn(bp, size - 3, snapend)) {
+                                       putchar('"');
+                                       goto trunc;
+                               }
                                putchar('"');
                                bp += size - 3;
                                size = 0;
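Review bot: The new guard in `TAG_CLIENT_FQDN` tests `len`, but the value that can wrap is `size` in `size - 3`, and the hunk does not show that the two are still equal at this point. Testing the variable that is actually subtracted from, `if (size < 4) {`, would make the protection self-evident. The three fixed bytes are then read through `*bp++`, `*bp` and `*(bp+1)` with no capture-length check visible here. Unless the option loop has already verified `bp + len` against `snapend`, a `TCHECK2(*bp, 3);` before the first read would be needed. The body of `rfc1048_print` starts and ends outside the hunk, so both points should be confirmed against the full function.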
@@ -573,7 +584,10 @@ rfc1048_print(register const u_char *bp)
                                size--;
                                if (type == 0) {
                                        putchar('"');
-                                       (void)fn_printn(bp, size, NULL);
+                                       if (fn_printn(bp, size, snapend)) {
+                                               putchar('"');
+                                               goto trunc;
+                                       }
                                        putchar('"');
                                        bp += size;
                                        size = 0;
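Review bot: The `size--` at the top of this hunk has no lower-bound check comparable to the `len < 4` guard added for option 81. If `size` is unsigned and the option arrived with length 0, it wraps to a very large value before reaching `fn_printn(bp, size, snapend)`. With `snapend` now supplied the read stops at the end of the captured data, but the printer would emit every remaining byte as the identifier and report truncation instead of flagging the malformed option. A guard before the type byte is consumed, such as `if (size < 1) { printf("ERROR: length < 1 bytes"); break; }`, would close that case. The type-byte read and the start of this case are outside the hunk, so confirm against the full function.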