uint8_t flags;
ND_PRINT((ndo, "\n\t"));
- ND_TCHECK2(*cp, 1); /* length/0xFF */
+ ND_TCHECK_1(cp); /* length/0xFF */
if (cp[0] != 0xFF) {
header_len = 1; /* length */
header_len = 1 + 8; /* 0xFF, length */
ND_PRINT((ndo, " frame flags+body (64-bit) length"));
ND_TCHECK2(*cp, header_len); /* 0xFF, length */
- body_len_declared = EXTRACT_64BITS(cp + 1);
+ body_len_declared = EXTRACT_BE_U_8(cp + 1);
ND_PRINT((ndo, " %" PRIu64, body_len_declared));
}
if (body_len_declared == 0)
}
}
- ND_TCHECK2(*cp, header_len + body_len_declared); /* Next frame within the buffer ? */
- return cp + header_len + body_len_declared;
+ /*
+ * Do not advance cp by the sum of header_len and body_len_declared
+ * before each offset has successfully passed ND_TCHECK2() as the
+ * sum can roll over (9 + 0xfffffffffffffff7 = 0) and cause an
+ * infinite loop.
+ */
+ cp += header_len;
+ ND_TCHECK2(*cp, body_len_declared); /* Next frame within the buffer ? */
+ return cp + body_len_declared;
trunc:
ND_PRINT((ndo, "%s", tstr));
u_int frame_offset;
uint64_t remaining_len;
- ND_TCHECK2(*cp, 2);
- frame_offset = EXTRACT_16BITS(cp);
+ ND_TCHECK_2(cp);
+ frame_offset = EXTRACT_BE_U_2(cp);
ND_PRINT((ndo, "\n\t frame offset 0x%04x", frame_offset));
cp += 2;
remaining_len = ndo->ndo_snapend - cp; /* without the frame length */
}
void
-zmtp1_print_datagram(netdissect_options *ndo, const u_char *cp, const u_int len)
+zmtp1_datagram_print(netdissect_options *ndo, const u_char *cp, const u_int len)
{
const u_char *ep = min(ndo->ndo_snapend, cp + len);
projects / tcpdump / blobdiff