(for 4.9.3) CVE-2018-14880/OSPFv3: Fix a bounds check

[tcpdump] / print-babel.c

diff --git a/print-babel.c b/print-babel.c
index f4e62f343b3b8ef66c7b29410e86b40578a569de..0bb2483adedbfcf4aa51656039ea290c9647b414 100644 (file)
--- a/print-babel.c
+++ b/print-babel.c
@@ -26,6 +26,8 @@
  * SUCH DAMAGE.
  */
 
+/* \summary: Babel Routing Protocol printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -350,6 +352,8 @@ babel_print_v2(netdissect_options *ndo,
         goto invalid;
     bodylen = EXTRACT_16BITS(cp + 2);
     ND_PRINT((ndo, " (%u)", bodylen));
+    if (4U + bodylen > length)
+        goto invalid;
 
     /* Process the TLVs in the body */
     i = 0;
@@ -478,7 +482,7 @@ babel_print_v2(netdissect_options *ndo,
         case MESSAGE_UPDATE: {
             if (!ndo->ndo_vflag) {
                 ND_PRINT((ndo, " update"));
-                if(len < 1)
+                if(len < 10)
                     ND_PRINT((ndo, "/truncated"));
                 else
                     ND_PRINT((ndo, "%s%s%s",