if (ethertype_print(ndo, extracted_ethertype,
p+addr_len+ETHERTYPE_LEN,
length-addr_len-ETHERTYPE_LEN,
- length-addr_len-ETHERTYPE_LEN,
+ ndo->ndo_snapend-p-addr_len-ETHERTYPE_LEN,
NULL, NULL) == 0)
/* ether_type not known, probably it wasn't one */
ND_PRINT((ndo, "UI %02x! ", p[addr_len]));
case NLPID_CLNP:
case NLPID_ESIS:
case NLPID_ISIS:
- isoclns_print(ndo, p - 1, length + 1, length + 1); /* OSI printers need the NLPID field */
+ isoclns_print(ndo, p - 1, length + 1); /* OSI printers need the NLPID field */
break;
case NLPID_SNAP:
- if (snap_print(ndo, p, length, length, NULL, NULL, 0) == 0) {
+ if (snap_print(ndo, p, length, ndo->ndo_snapend - p, NULL, NULL, 0) == 0) {
/* ether_type not known, print raw packet */
if (!ndo->ndo_eflag)
fr_hdr_print(ndo, length + hdr_len, hdr_len,
*/
ND_TCHECK2(*p, 4); /* minimum frame header length */
+ if (length < 4) {
+ ND_PRINT((ndo, "Message too short (%u bytes)", length));
+ return length;
+ }
if ((p[0] & MFR_BEC_MASK) == MFR_CTRL_FRAME && p[1] == 0) {
ND_PRINT((ndo, "FRF.16 Control, Flags [%s], %s, length %u",
switch (ie_type) {
case MFR_CTRL_IE_MAGIC_NUM:
+ /* FRF.16.1 Section 3.4.3 Magic Number Information Element */
+ if (ie_len != 4) {
+ ND_PRINT((ndo, "(invalid length)"));
+ break;
+ }
ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(tptr)));
break;
ND_PRINT((ndo, "%s, codeset %u", is_ansi ? "ANSI" : "CCITT", codeset));
if (call_ref_length != 0) {
+ ND_TCHECK(p[0]);
if (call_ref_length > 1 || p[0] != 0) {
/*
* Not a dummy call reference.
projects / tcpdump / blobdiff