Makefile.in: don't remove configure and config.h.in in make distclean.
index 187d36e63bba4efb0d8eaf900d4116538f859f63..23ba99c970075099b9e5a80a598967e2c4081b6e 100644 (file)
@@ -27,8 +27,6 @@
 
 #include "netdissect-stdinc.h"
 
-#include <string.h>
-
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -379,7 +377,10 @@ ip_print(netdissect_options *ndo,
        /*
         * Cut off the snapshot length to the end of the IP payload.
         */
-       nd_push_snapend(ndo, bp + len);
+       if (!nd_push_snaplen(ndo, bp, len)) {
+               (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+                       "%s: can't push snaplen on buffer stack", __func__);
+       }
 
        len -= hlen;
 
@@ -473,8 +474,18 @@ ip_print(netdissect_options *ndo,
                                     GET_IPADDR_STRING(ip->ip_src),
                                     GET_IPADDR_STRING(ip->ip_dst));
                }
+               /*
+                * Do a bounds check before calling ip_demux_print().
+                * At least the header data is required.
+                */
+               if (!ND_TTEST_LEN((const u_char *)ip, hlen)) {
+                       ND_PRINT(" [remaining caplen(%u) < header length(%u)]",
+                                ND_BYTES_AVAILABLE_AFTER((const u_char *)ip),
+                                hlen);
+                       nd_trunc_longjmp(ndo);
+               }
                ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4,
-                   off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
+                              off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
        } else {
                /*
                 * Ultra quiet now means that all this stuff should be
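Review bot: The new bounds check exits ip_print through `nd_trunc_longjmp(ndo)` while the snapshot length pushed by `nd_push_snaplen()` earlier in the function (the hunk at -379) is still on the buffer stack, and no pop is visible on this path. If the longjmp handler is what unwinds that stack, say so next to the call, e.g. `/* does not return; the pushed snaplen is popped by the longjmp handler */`, because the function also keeps a `trunc:` label that returns normally and the two exits are easy to confuse. The same applies to the failure branch of `nd_push_snaplen()`: it is only safe if `ndo_error` never returns, since otherwise `len -= hlen` and the dissection below would run without the snapshot end having been cut to the IP payload. ip_print starts and ends outside both hunks, so the pop on the normal path cannot be confirmed from here.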
@@ -502,7 +513,6 @@ ip_print(netdissect_options *ndo,
 
 trunc:
        nd_print_trunc(ndo);
-       return;
 }
 
 void