CVE-2016-7931/Add bounds and length checks.

[tcpdump] / print-juniper.c

diff --git a/print-juniper.c b/print-juniper.c
index 9eafd515d560fac82ba87c8a10662a6e2fcf8954..4fb5453c991a13d45ca6922f8122217ce7f93ec4 100644 (file)
--- a/print-juniper.c
+++ b/print-juniper.c
@@ -15,6 +15,8 @@
  * Original code by Hannes Gredler ([email protected])
  */
 
+/* \summary: DLT_JUNIPER_* printers */
+
 #ifndef lint
 #else
 __RCSID("NetBSD: print-juniper.c,v 1.3 2007/07/25 06:31:32 dogcow Exp ");
@@ -26,6 +28,8 @@ __RCSID("NetBSD: print-juniper.c,v 1.3 2007/07/25 06:31:32 dogcow Exp ");
 
 #include <netdissect-stdinc.h>
 
+#include <string.h>
+
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -742,7 +746,8 @@ juniper_pppoe_atm_print(netdissect_options *ndo,
         if (ethertype_print(ndo, extracted_ethertype,
                               p+ETHERTYPE_LEN,
                               l2info.length-ETHERTYPE_LEN,
-                              l2info.caplen-ETHERTYPE_LEN) == 0)
+                              l2info.caplen-ETHERTYPE_LEN,
+                              NULL, NULL) == 0)
             /* ether_type not known, probably it wasn't one */
             ND_PRINT((ndo, "unknown ethertype 0x%04x", extracted_ethertype));
 
@@ -817,6 +822,7 @@ juniper_mfr_print(netdissect_options *ndo,
 {
         struct juniper_l2info_t l2info;
 
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_MFR;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0)
             return l2info.header_len;
@@ -1032,10 +1038,8 @@ juniper_ppp_heuristic_guess(netdissect_options *ndo,
     case PPP_PAP :
     case PPP_CHAP :
     case PPP_ML :
-#ifdef INET6
     case PPP_IPV6 :
     case PPP_IPV6CP :
-#endif
         ppp_print(ndo, p, length);
         break;