X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/001fc8411f90713c3495a1f3fcf8c67dbd3afa1b..39d15607cad1b4b463794c1a67873f6182dc52f7:/print-dhcp6.c

diff --git a/print-dhcp6.c b/print-dhcp6.c
index 52f823df..8a119ff5 100644
--- a/print-dhcp6.c
+++ b/print-dhcp6.c
@@ -28,7 +28,7 @@
  */
 /*
  * RFC3315: DHCPv6
- * supported DHCPv6 options: 
+ * supported DHCPv6 options:
  *  RFC3319: Session Initiation Protocol (SIP) Servers options,
  *  RFC3633: IPv6 Prefix options,
  *  RFC3646: DNS Configuration options,
@@ -40,11 +40,6 @@
  *  RFC6334: Dual-Stack Lite option,
  */
 
-#ifndef lint
-static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-dhcp6.c,v 1.37 2008-02-06 10:26:09 guy Exp $";
-#endif
-
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -59,7 +54,7 @@ static const char rcsid[] _U_ =
 #include "extract.h"
 
 /* lease duration */
-#define DHCP6_DURATITION_INFINITE 0xffffffff
+#define DHCP6_DURATION_INFINITE 0xffffffff
 
 /* Error Values */
 #define DH6ERR_FAILURE		16
@@ -608,11 +603,12 @@ dhcp6opt_print(const u_char *cp, const u_char *ep)
 		case DH6OPT_SIP_SERVER_D:
 		case DH6OPT_DOMAIN_LIST:
 			tp = (u_char *)(dh6o + 1);
-			while (tp < ep) {
+			while (tp < cp + sizeof(*dh6o) + optlen) {
 				putchar(' ');
-				if((tp = ns_nprint(tp, ep)) == NULL)
+				if ((tp = ns_nprint(tp, cp + sizeof(*dh6o) + optlen)) == NULL)
 					goto trunc;
 			}
+			printf(")");
 			break;
 		case DH6OPT_STATUS_CODE:
 			if (optlen < 2) {
@@ -743,11 +739,13 @@ dhcp6opt_print(const u_char *cp, const u_char *ep)
 				break;
 			}
 			tp = (u_char *)(dh6o + 1);
-			while (tp < ep - 4) {
+			while (tp < cp + sizeof(*dh6o) + optlen - 4) {
 				subopt_code = EXTRACT_16BITS(tp);
 				tp += 2;
 				subopt_len = EXTRACT_16BITS(tp);
 				tp += 2;
+				if (tp + subopt_len > cp + sizeof(*dh6o) + optlen)
+					goto trunc;
 				printf(" subopt:%d", subopt_code);
 				switch (subopt_code) {
 				case DH6OPT_NTP_SUBOPTION_SRV_ADDR:
@@ -757,17 +755,17 @@ dhcp6opt_print(const u_char *cp, const u_char *ep)
 						break;
 					}
 					printf(" %s", ip6addr_string(&tp[0]));
-					tp += subopt_len;
 					break;
 				case DH6OPT_NTP_SUBOPTION_SRV_FQDN:
 					putchar(' ');
-					ns_nprint(tp, ep);
-					tp += subopt_len;
+					if (ns_nprint(tp, tp + subopt_len) == NULL)
+						goto trunc;
 					break;
 				default:
 					printf(" ?");
 					break;
 				}
+				tp += subopt_len;
 			}
 			printf(")");
 			break;