Handle very large -f files by rejecting them.

[tcpdump] / print-sflow.c

diff --git a/print-sflow.c b/print-sflow.c
index 37a41b529cd322194505772ec1e3afdec0d2b7d6..dcaf28e8648c1dbd607a0a9ff7291b30eb19b6c1 100644 (file)
--- a/print-sflow.c
+++ b/print-sflow.c
@@ -881,6 +881,14 @@ sflow_print(netdissect_options *ndo,
     tptr = pptr;
     tlen = len;
     sflow_datagram = (const struct sflow_datagram_t *)pptr;
+    if (len < sizeof(struct sflow_datagram_t)) {
+        ND_TCHECK(sflow_datagram->version);
+        ND_PRINT((ndo, "sFlowv%u", EXTRACT_32BITS(sflow_datagram->version)));
+        ND_PRINT((ndo, " [length %u < %zu]",
+                  len, sizeof(struct sflow_datagram_t)));
+        ND_PRINT((ndo, " (invalid)"));
+        return;
+    }
     ND_TCHECK(*sflow_datagram);
 
     /*
@@ -916,6 +924,8 @@ sflow_print(netdissect_options *ndo,
 
     /* skip Common header */
     tptr += sizeof(const struct sflow_datagram_t);
+
+    if(tlen <= sizeof(const struct sflow_datagram_t)) goto trunc;
     tlen -= sizeof(const struct sflow_datagram_t);
 
     while (nsamples > 0 && tlen > 0) {