Avoid -E and -M options inconsistencies with no libcrypto

[tcpdump] / print-nfs.c

diff --git a/print-nfs.c b/print-nfs.c
index 523a0716ec9b342a79319668a094614f767f70fc..b67ec370ed67a7bf4b2082b9c68d0ce61662a44e 100644 (file)
--- a/print-nfs.c
+++ b/print-nfs.c
@@ -432,6 +432,11 @@ parsereq(netdissect_options *ndo,
        if (length < 2 * sizeof(*dp))
                goto trunc;
        len = GET_BE_U_4(dp + 1);
+       if (len > length) {
+               ND_PRINT(" [credentials length %u > %u]", len, length);
+               nd_print_invalid(ndo);
+               return NULL;
+       }
        rounded_len = roundup2(len, 4);
        ND_TCHECK_LEN(dp + 2, rounded_len);
        if (2 * sizeof(*dp) + rounded_len <= length) {
@@ -451,6 +456,11 @@ parsereq(netdissect_options *ndo,
                if (length < 2 * sizeof(*dp))
                        goto trunc;
                len = GET_BE_U_4(dp + 1);
+               if (len > length) {
+                       ND_PRINT(" [verifier length %u > %u]", len, length);
+                       nd_print_invalid(ndo);
+                       return NULL;
+               }
                rounded_len = roundup2(len, 4);
                ND_TCHECK_LEN(dp + 2, rounded_len);
                if (2 * sizeof(*dp) + rounded_len < length) {