#include "netdissect-stdinc.h"
-#include <string.h>
-
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
ND_PRINT(" [bad ptr %u]", GET_U_1(cp + 2));
for (len = 3; len < length; len += 4) {
- ND_TCHECK_4(cp + len);
+ ND_TCHECK_4(cp + len); /* Needed to print the IP addresses */
ND_PRINT(" %s", GET_IPADDR_STRING(cp + len));
if (ptr > len)
ND_PRINT(",");
case IPOPT_TS_TSANDADDR:
ND_PRINT("TS+ADDR");
break;
- /*
- * prespecified should really be 3, but some ones might send 2
- * instead, and the IPOPT_TS_PRESPEC constant can apparently
- * have both values, so we have to hard-code it here.
- */
-
- case 2:
- ND_PRINT("PRESPEC2.0");
- break;
- case 3: /* IPOPT_TS_PRESPEC */
+ case IPOPT_TS_PRESPEC:
ND_PRINT("PRESPEC");
break;
default:
/*
* Cut off the snapshot length to the end of the IP payload.
*/
- nd_push_snapend(ndo, bp + len);
+ if (!nd_push_snaplen(ndo, bp, len)) {
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push snaplen on buffer stack", __func__);
+ }
len -= hlen;
GET_IPADDR_STRING(ip->ip_src),
GET_IPADDR_STRING(ip->ip_dst));
}
+ /*
+ * Do a bounds check before calling ip_demux_print().
+ * At least the header data is required.
+ */
+ if (!ND_TTEST_LEN((const u_char *)ip, hlen)) {
+ ND_PRINT(" [remaining caplen(%u) < header length(%u)]",
+ ND_BYTES_AVAILABLE_AFTER((const u_char *)ip),
+ hlen);
+ nd_trunc_longjmp(ndo);
+ }
ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4,
- off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
+ off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
} else {
/*
* Ultra quiet now means that all this stuff should be
trunc:
nd_print_trunc(ndo);
- return;
}
void
projects / tcpdump / blobdiff