Makefile.in: don't remove configure and config.h.in in make distclean.

[tcpdump] / print-esp.c

diff --git a/print-esp.c b/print-esp.c
index 4850d4a14c13c39b035baafe75cc233e9fba279d..2cee08893a12a4f9d180e270c23733d5efa03fe9 100644 (file)
--- a/print-esp.c
+++ b/print-esp.c
@@ -238,7 +238,7 @@ do_decrypt(netdissect_options *ndo, const char *caller, struct sa_list *sa,
         * we can't decrypt on top of the input buffer.
         */
        ptlen = ctlen;
-       pt = (u_char *)malloc(ptlen);
+       pt = (u_char *)calloc(1, ptlen);
        if (pt == NULL) {
                EVP_CIPHER_CTX_free(ctx);
                (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
@@ -329,9 +329,10 @@ int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo,
         * on the buffer stack so it can be freed; our caller must
         * pop it when done.
         */
-       if (!nd_push_buffer(ndo, pt, pt, pt + ctlen)) {
+       if (!nd_push_buffer(ndo, pt, pt, ctlen)) {
                free(pt);
-               return 0;
+               (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+                       "%s: can't push buffer on buffer stack", __func__);
        }
 
        return 1;
@@ -339,7 +340,7 @@ int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo,
 DIAG_ON_DEPRECATION
 
 static void esp_print_addsa(netdissect_options *ndo,
-                           struct sa_list *sa, int sa_def)
+                           const struct sa_list *sa, int sa_def)
 {
        /* copy the "sa" */
 
@@ -761,7 +762,7 @@ esp_print(netdissect_options *ndo,
        ND_PRINT(", length %u", length);
 
 #ifdef HAVE_LIBCRYPTO
-       /* initiailize SAs */
+       /* initialize SAs */
        if (ndo->ndo_sa_list_head == NULL) {
                if (!ndo->ndo_espsecret)
                        return;
@@ -877,8 +878,7 @@ esp_print(netdissect_options *ndo,
         * Switch to the output buffer for dissection, and
         * save it on the buffer stack so it can be freed.
         */
-       ep = pt + payloadlen;
-       if (!nd_push_buffer(ndo, pt, pt, ep)) {
+       if (!nd_push_buffer(ndo, pt, pt, payloadlen)) {
                free(pt);
                (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
                        "%s: can't push buffer on buffer stack", __func__);
@@ -893,14 +893,14 @@ esp_print(netdissect_options *ndo,
         * it was not decrypted with the correct key, so that the
         * "plaintext" is not what was being sent.
         */
-       padlen = GET_U_1(ep - 2);
+       padlen = GET_U_1(pt + payloadlen - 2);
        if (padlen + 2 > payloadlen) {
                nd_print_trunc(ndo);
                return;
        }
 
        /* Get the next header */
-       nh = GET_U_1(ep - 1);
+       nh = GET_U_1(pt + payloadlen - 1);
 
        ND_PRINT(": ");
 
@@ -908,7 +908,10 @@ esp_print(netdissect_options *ndo,
         * Don't put padding + padding length(1 byte) + next header(1 byte)
         * in the buffer because they are not part of the plaintext to decode.
         */
-       nd_push_snapend(ndo, ep - (padlen + 2));
+       if (!nd_push_snaplen(ndo, pt, payloadlen - (padlen + 2))) {
+               (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+                       "%s: can't push snaplen on buffer stack", __func__);
+       }
 
        /* Now dissect the plaintext. */
        ip_demux_print(ndo, pt, payloadlen - (padlen + 2), ver, fragmented,
@@ -916,7 +919,7 @@ esp_print(netdissect_options *ndo,
 
        /* Pop the buffer, freeing it. */
        nd_pop_packet_info(ndo);
-       /* Pop the nd_push_snapend */
+       /* Pop the nd_push_snaplen */
        nd_pop_packet_info(ndo);
 #endif
 }