CVE-2017-5485/add the test case
[tcpdump] / print-ip6.c
index 2e1803f05d5155cf0ce6d1d1825f92ab40a26480..9f590f2af4e1a8763a31b64e2330f7d57868d801 100644 (file)
@@ -293,15 +293,19 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
                switch (nh) {
                case IPPROTO_HOPOPTS:
                        advance = hbhopt_print(ndo, cp);
+                       if (advance < 0)
+                               return;
                        nh = *cp;
                        break;
                case IPPROTO_DSTOPTS:
                        advance = dstopt_print(ndo, cp);
+                       if (advance < 0)
+                               return;
                        nh = *cp;
                        break;
                case IPPROTO_FRAGMENT:
                        advance = frag6_print(ndo, cp, (const u_char *)ip6);
-                       if (ndo->ndo_snapend <= cp + advance)
+                       if (advance < 0 || ndo->ndo_snapend <= cp + advance)
                                return;
                        nh = *cp;
                        fragmented = 1;
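Review bot: In the IPPROTO_HOPOPTS and IPPROTO_DSTOPTS cases the new guard rejects only a negative return, so the `nh = *cp` read that follows still depends on hbhopt_print()/dstopt_print() having bounds-checked the start of the header against `ndo->ndo_snapend`; the IPPROTO_FRAGMENT case makes that check explicitly. If the callees guarantee it (their bodies are not visible here), say so in a comment above each guard, e.g. `/* advance < 0: header truncated or invalid; the printer already checked bounds, so do not read or advance cp */`. If they do not, give the two cases the same condition as the fragment case: `if (advance < 0 || ndo->ndo_snapend <= cp + advance) return;`. The switch and its enclosing loop continue outside the hunk, so any other case that assigns `advance` from a printer and then reads `*cp` presumably wants the same guard.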