CVE-2017-13687/CHDLC: Improve bounds and length checks.

[tcpdump] / print-dhcp6.c

diff --git a/print-dhcp6.c b/print-dhcp6.c
index 16f82542013f11d3858a3b006ba44cdc011c120d..762d9187eb0b12cd79c8a46226460198c216fd9b 100644 (file)
--- a/print-dhcp6.c
+++ b/print-dhcp6.c
@@ -304,6 +304,7 @@ dhcp6opt_print(netdissect_options *ndo,
                        goto trunc;
                opttype = EXTRACT_16BITS(&dh6o->dh6opt_type);
                ND_PRINT((ndo, " (%s", tok2str(dh6opt_str, "opt_%u", opttype)));
+               ND_TCHECK2(*(cp + sizeof(*dh6o)), optlen);
                switch (opttype) {
                case DH6OPT_CLIENTID:
                case DH6OPT_SERVERID:
@@ -731,7 +732,7 @@ dhcp6opt_print(netdissect_options *ndo,
                        while (remain_len && *tp) {
                                label_len =  *tp++;
                                if (label_len < remain_len - 1) {
-                                       fn_printn(ndo, tp, label_len, NULL);
+                                       (void)fn_printn(ndo, tp, label_len, NULL);
                                        tp += label_len;
                                        remain_len -= (label_len + 1);
                                        if(*tp) ND_PRINT((ndo, "."));
@@ -751,7 +752,7 @@ dhcp6opt_print(netdissect_options *ndo,
                        }
                        tp = (const u_char *)(dh6o + 1);
                        ND_PRINT((ndo, "="));
-                       fn_printn(ndo, tp, (u_int)optlen, NULL);
+                       (void)fn_printn(ndo, tp, (u_int)optlen, NULL);
                        ND_PRINT((ndo, ")"));
                        break;