]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-atalk.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CVE-2017-13040/MPTCP: Clean up printing DSS suboption.
[tcpdump] / print-atalk.c
diff --git a/print-atalk.c b/print-atalk.c
index 2a67499079d081a3bd247e7dbcc49503ea17e47a..9d7d69d3d790189f01ca5d430980b98d021d2ac4 100644 (file)
--- a/print-atalk.c
+++ b/print-atalk.c
@@ -77,7 +77,14 @@ u_int
 ltalk_if_print(netdissect_options *ndo,
                const struct pcap_pkthdr *h, const u_char *p)
 {
-       return (llap_print(ndo, p, h->caplen));
+       u_int hdrlen;
+
+       hdrlen = llap_print(ndo, p, h->len);
+       if (hdrlen == 0) {
+               /* Cut short by the snapshot length. */
+               return (h->caplen);
+       }
+       return (hdrlen);
 }
 
 /*
@@ -97,6 +104,10 @@ llap_print(netdissect_options *ndo,
                ND_PRINT((ndo, " [|llap %u]", length));
                return (length);
        }
+       if (!ND_TTEST2(*bp, sizeof(*lp))) {
+               ND_PRINT((ndo, " [|llap]"));
+               return (0);     /* cut short by the snapshot length */
+       }
        lp = (const struct LAP *)bp;
        bp += sizeof(*lp);
        length -= sizeof(*lp);
@@ -108,6 +119,10 @@ llap_print(netdissect_options *ndo,
                        ND_PRINT((ndo, " [|sddp %u]", length));
                        return (length);
                }
+               if (!ND_TTEST2(*bp, ddpSSize)) {
+                       ND_PRINT((ndo, " [|sddp]"));
+                       return (0);     /* cut short by the snapshot length */
+               }
                sdp = (const struct atShortDDP *)bp;
                ND_PRINT((ndo, "%s.%s",
                    ataddr_string(ndo, 0, lp->src), ddpskt_string(ndo, sdp->srcSkt)));
@@ -124,6 +139,10 @@ llap_print(netdissect_options *ndo,
                        ND_PRINT((ndo, " [|ddp %u]", length));
                        return (length);
                }
+               if (!ND_TTEST2(*bp, ddpSize)) {
+                       ND_PRINT((ndo, " [|ddp]"));
+                       return (0);     /* cut short by the snapshot length */
+               }
                dp = (const struct atDDP *)bp;
                snet = EXTRACT_16BITS(&dp->srcNet);
                ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode),
@@ -170,6 +189,10 @@ atalk_print(netdissect_options *ndo,
                ND_PRINT((ndo, " [|ddp %u]", length));
                return;
        }
+       if (!ND_TTEST2(*bp, ddpSize)) {
+               ND_PRINT((ndo, " [|ddp]"));
+               return;
+       }
        dp = (const struct atDDP *)bp;
        snet = EXTRACT_16BITS(&dp->srcNet);
        ND_PRINT((ndo, "%s.%s", ataddr_string(ndo, snet, dp->srcNode),
@@ -193,6 +216,15 @@ aarp_print(netdissect_options *ndo,
 
        ND_PRINT((ndo, "aarp "));
        ap = (const struct aarp *)bp;
+       if (!ND_TTEST(*ap)) {
+               /* Just bail if we don't have the whole chunk. */
+               ND_PRINT((ndo, " [|aarp]"));
+               return;
+       }
+       if (length < sizeof(*ap)) {
+               ND_PRINT((ndo, " [|aarp %u]", length));
+               return;
+       }
        if (EXTRACT_16BITS(&ap->htype) == 1 &&
            EXTRACT_16BITS(&ap->ptype) == ETHERTYPE_ATALK &&
            ap->halen == 6 && ap->palen == 4 )
[mirror] the TCPdump network dissector