CVE-2017-13687/CHDLC: Improve bounds and length checks.

[tcpdump] / signature.c

diff --git a/signature.c b/signature.c
index c97b853421e1c8f4fd2bab1d96ed0b225b42c807..2091afb3e8e5ff0ccc63ab105d49ed76edbbdc6b 100644 (file)
--- a/signature.c
+++ b/signature.c
@@ -12,7 +12,7 @@
  *
  * Functions for signature and digest verification.
  *
- * Original code by Hannes Gredler (hannes@juniper.net)
+ * Original code by Hannes Gredler (hannes@gredler.at)
  */
 
 #ifdef HAVE_CONFIG_H
@@ -142,7 +142,7 @@ signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen,
         /* No. */
         return (CANT_CHECK_SIGNATURE);
     }
-    if ((sig_ptr + sizeof(sig) - pptr) > plen) {
+    if (sig_ptr + sizeof(sig) > pptr + plen) {
         /* No. */
         return (CANT_CHECK_SIGNATURE);
     }
@@ -167,7 +167,7 @@ signature_verify(netdissect_options *ndo, const u_char *pptr, u_int plen,
      * Clear anything else that needs to be cleared in the copy.
      * Our caller is assumed to have vetted the clear_arg pointer.
      */
-    (*clear_rtn)((void *)(packet_copy + ((const u_int8_t *)clear_arg - pptr)));
+    (*clear_rtn)((void *)(packet_copy + ((const uint8_t *)clear_arg - pptr)));
 
     /*
      * Compute the signature.