CVE-2016-7931/Add bounds and length checks.

[tcpdump] / print-pflog.c

diff --git a/print-pflog.c b/print-pflog.c
index 72ae276320ce9a18ee669ff582cfb69e972616c5..265efd3c866b9595f5ee8f01225db77ae2c3a793 100644 (file)
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -19,7 +19,8 @@
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-#define NETDISSECT_REWORKED
+/* \summary: OpenBSD packet filter log file printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -33,9 +34,9 @@
 #include <net/pfvar.h>
 #include <net/if_pflog.h>
 
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
 
-#include "interface.h"
+#include "netdissect.h"
 #include "extract.h"
 
 static const char tstr[] = "[|pflog]";
@@ -120,7 +121,7 @@ pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
        }
 
 #define MIN_PFLOG_HDRLEN       45
-       hdr = (struct pfloghdr *)p;
+       hdr = (const struct pfloghdr *)p;
        if (hdr->length < MIN_PFLOG_HDRLEN) {
                ND_PRINT((ndo, "[pflog: invalid header length!]"));
                return (hdr->length);   /* XXX: not really */
@@ -133,7 +134,6 @@ pflog_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h,
        }
 
        /* print what we know */
-       hdr = (struct pfloghdr *)p;
        ND_TCHECK(*hdr);
        if (ndo->ndo_eflag)
                pflog_print(ndo, hdr);