CVE-2017-13012/ICMP: Add a missing bounds check.

[tcpdump] / print-icmp.c

diff --git a/print-icmp.c b/print-icmp.c
index 53392212eb5ffdd1cc761be1eadb4a23f3d61b4e..c33f83a691a4850590b415dfeb57d29976dbd0af 100644 (file)
--- a/print-icmp.c
+++ b/print-icmp.c
@@ -582,6 +582,7 @@ icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char *
                ip = (const struct ip *)bp;
                ndo->ndo_snaplen = ndo->ndo_snapend - bp;
                 snapend_save = ndo->ndo_snapend;
+               ND_TCHECK_16BITS(&ip->ip_len);
                ip_print(ndo, bp, EXTRACT_16BITS(&ip->ip_len));
                 ndo->ndo_snapend = snapend_save;
        }