X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/38700c7f24646dfbc6ac0ed529d3ed727c545cd0..f152c1268f28fc84d15d364b742f500e12374b33:/print-ppp.c diff --git a/print-ppp.c b/print-ppp.c index d9bca84c..ee8239c7 100644 --- a/print-ppp.c +++ b/print-ppp.c @@ -22,6 +22,8 @@ * complete PPP support. */ +/* \summary: Point to Point Protocol (PPP) printer */ + /* * TODO: * o resolve XXX as much as possible @@ -33,7 +35,7 @@ #include "config.h" #endif -#include +#include #ifdef __bsdi__ #include @@ -42,7 +44,7 @@ #include -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "addrtoname.h" #include "ppp.h" @@ -942,6 +944,9 @@ handle_pap(netdissect_options *ndo, switch (code) { case PAP_AREQ: + /* A valid Authenticate-Request is 6 or more octets long. */ + if (len < 6) + goto trunc; if (length - (p - p0) < 1) return; ND_TCHECK(*p); @@ -970,6 +975,13 @@ handle_pap(netdissect_options *ndo, break; case PAP_AACK: case PAP_ANAK: + /* Although some implementations ignore truncation at + * this point and at least one generates a truncated + * packet, RFC 1334 section 2.2.2 clearly states that + * both AACK and ANAK are at least 5 bytes long. + */ + if (len < 5) + goto trunc; if (length - (p - p0) < 1) return; ND_TCHECK(*p); @@ -1669,6 +1681,11 @@ ppp_hdlc_if_print(netdissect_options *ndo, return (chdlc_if_print(ndo, h, p)); default: + if (caplen < 4) { + ND_PRINT((ndo, "[|ppp]")); + return (caplen); + } + if (ndo->ndo_eflag) ND_PRINT((ndo, "%02x %02x %d ", p[0], p[1], length)); p += 2;