CVE-2016-7975/Fix another bounds check.

[tcpdump] / print-juniper.c

diff --git a/print-juniper.c b/print-juniper.c
index a9a9339a722c0344ed1fb578e48a9c842fc2a49e..4fb5453c991a13d45ca6922f8122217ce7f93ec4 100644 (file)
--- a/print-juniper.c
+++ b/print-juniper.c
@@ -28,6 +28,8 @@ __RCSID("NetBSD: print-juniper.c,v 1.3 2007/07/25 06:31:32 dogcow Exp ");
 
 #include <netdissect-stdinc.h>
 
+#include <string.h>
+
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -744,7 +746,8 @@ juniper_pppoe_atm_print(netdissect_options *ndo,
         if (ethertype_print(ndo, extracted_ethertype,
                               p+ETHERTYPE_LEN,
                               l2info.length-ETHERTYPE_LEN,
-                              l2info.caplen-ETHERTYPE_LEN) == 0)
+                              l2info.caplen-ETHERTYPE_LEN,
+                              NULL, NULL) == 0)
             /* ether_type not known, probably it wasn't one */
             ND_PRINT((ndo, "unknown ethertype 0x%04x", extracted_ethertype));
 
@@ -819,6 +822,7 @@ juniper_mfr_print(netdissect_options *ndo,
 {
         struct juniper_l2info_t l2info;
 
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_MFR;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0)
             return l2info.header_len;