CVE-2017-13042/HNCP: add DHCPv6-Data bounds checks

[tcpdump] / print-hncp.c

diff --git a/print-hncp.c b/print-hncp.c
index 32adafa9c0dbd03a28ae920356a0cb95b561d3fd..d0c9a3ea633416cc3557c04a8815499019ef8eae 100644 (file)
--- a/print-hncp.c
+++ b/print-hncp.c
@@ -318,6 +318,8 @@ dhcpv6_print(netdissect_options *ndo,
 
     i = 0;
     while (i < length) {
+        if (i + 4 > length)
+            return -1;
         tlv = cp + i;
         type = EXTRACT_16BITS(tlv);
         optlen = EXTRACT_16BITS(tlv + 2);
@@ -329,6 +331,8 @@ dhcpv6_print(netdissect_options *ndo,
 
         ND_PRINT((ndo, "%s", tok2str(dh6opt_str, "Unknown", type)));
         ND_PRINT((ndo," (%u)", optlen + 4 ));
+        if (i + 4 + optlen > length)
+            return -1;
 
         switch (type) {
             case DH6OPT_DNS_SERVERS: