Handle very large -f files by rejecting them.
[tcpdump] / print-sflow.c
index f3d6ff5f6a746ead900538acd2f3514b80e08918..dcaf28e8648c1dbd607a0a9ff7291b30eb19b6c1 100644 (file)
  * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  * FOR A PARTICULAR PURPOSE.
  *
- * The SFLOW protocol as per http://www.sflow.org/developers/specifications.php
- *
  * Original code by Carles Kishimoto <[email protected]>
  *
  * Expansion and refactoring by Rick Jones <[email protected]>
  */
 
+/* \summary: sFlow protocol printer */
+
+/* specification: http://www.sflow.org/developers/specifications.php */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
 
 #include "netdissect.h"
 #include "extract.h"
@@ -879,6 +881,14 @@ sflow_print(netdissect_options *ndo,
     tptr = pptr;
     tlen = len;
     sflow_datagram = (const struct sflow_datagram_t *)pptr;
+    if (len < sizeof(struct sflow_datagram_t)) {
+        ND_TCHECK(sflow_datagram->version);
+        ND_PRINT((ndo, "sFlowv%u", EXTRACT_32BITS(sflow_datagram->version)));
+        ND_PRINT((ndo, " [length %u < %zu]",
+                  len, sizeof(struct sflow_datagram_t)));
+        ND_PRINT((ndo, " (invalid)"));
+        return;
+    }
     ND_TCHECK(*sflow_datagram);
 
     /*
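Review bot: The new short-datagram branch prints `sflow_datagram->version` without first checking that `len` covers that 4-byte field. `ND_TCHECK` bounds the read against the captured buffer only, not against `len`. For a payload shorter than four bytes the printed version may therefore come from bytes after the sFlow datagram, such as trailing padding, rather than from the datagram itself. Guarding the version print with `if (len >= sizeof(sflow_datagram->version))` and otherwise printing only the length error would keep the output tied to the datagram. The body of `sflow_print` starts and ends outside this hunk.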
@@ -914,6 +924,8 @@ sflow_print(netdissect_options *ndo,
 
     /* skip Common header */
     tptr += sizeof(const struct sflow_datagram_t);
+
+    if(tlen <= sizeof(const struct sflow_datagram_t)) goto trunc;
     tlen -= sizeof(const struct sflow_datagram_t);
 
     while (nsamples > 0 && tlen > 0) {
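Review bot: The added `if(tlen <= sizeof(const struct sflow_datagram_t)) goto trunc;` reports a datagram that is exactly one header long as truncated, although the `while (nsamples > 0 && tlen > 0)` loop below already handles `tlen == 0`. Using `<` is enough to stop the subtraction from wrapping (assuming `tlen` is unsigned, as the `%u` print of `len` suggests), so `if (tlen < sizeof(struct sflow_datagram_t)) goto trunc;` would let a header-only datagram with no samples print normally. The check also runs after `tptr` has already been advanced; placing it above `tptr += ...` keeps the pointer and the remaining length in step. A short comment such as `/* header must fit in the remaining length before it is skipped */` would record why the guard exists, since the earlier length test sits outside this hunk and the lines between are not visible here.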