sFlow: Add a length check

[tcpdump] / print-sflow.c

diff --git a/print-sflow.c b/print-sflow.c
index 68bca0177cfb3ad7ae1f85296d0d5d709dd11f2d..f17f1ce96d1dcc3cbd03b97c17137ddc72453d17 100644 (file)
--- a/print-sflow.c
+++ b/print-sflow.c
@@ -872,6 +872,13 @@ sflow_print(netdissect_options *ndo,
     tptr = pptr;
     tlen = len;
     sflow_datagram = (const struct sflow_datagram_t *)pptr;
+    if (len < sizeof(struct sflow_datagram_t)) {
+        ND_PRINT("sFlowv%u", GET_BE_U_4(sflow_datagram->version));
+        ND_PRINT(" [length %u < %" PRIsize "]",
+                 len, sizeof(struct sflow_datagram_t));
+        nd_print_invalid(ndo);
+        return;
+    }
     ND_TCHECK_SIZE(sflow_datagram);
 
     /*