CVE-2016-7936/Add a bounds check.

[tcpdump] / print-udp.c

diff --git a/print-udp.c b/print-udp.c
index 4b5cd7c25055e9a51826853487714c0bd3ba7da1..768f4bed3104dc454240ca947a75dde0b6329caf 100644 (file)
--- a/print-udp.c
+++ b/print-udp.c
@@ -365,6 +365,11 @@ udp_print(netdissect_options *ndo, register const u_char *bp, u_int length,
        sport = EXTRACT_16BITS(&up->uh_sport);
        dport = EXTRACT_16BITS(&up->uh_dport);
 
+       if (!ND_TTEST(up->uh_ulen)) {
+               udpipaddr_print(ndo, ip, sport, dport);
+               ND_PRINT((ndo, "[|udp]"));
+               return;
+       }
        if (length < sizeof(struct udphdr)) {
                udpipaddr_print(ndo, ip, sport, dport);
                ND_PRINT((ndo, "truncated-udp %d", length));