X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/49b23c5a9b0198bb382dcf43c458d46fcf2fa809..refs/heads/tcpdump-4.9:/print-chdlc.c

diff --git a/print-chdlc.c b/print-chdlc.c
index b5ed67db..24acfbd2 100644
--- a/print-chdlc.c
+++ b/print-chdlc.c
@@ -46,21 +46,18 @@ static const struct tok chdlc_cast_values[] = {
 u_int
 chdlc_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p)
 {
-	register u_int length = h->len;
-	register u_int caplen = h->caplen;
-
-	if (caplen < CHDLC_HDRLEN) {
-		ND_PRINT((ndo, "[|chdlc]"));
-		return (caplen);
-	}
-        return (chdlc_print(ndo, p,length));
+	return chdlc_print(ndo, p, h->len);
 }
 
 u_int
 chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length)
 {
 	u_int proto;
+	const u_char *bp = p;
 
+	if (length < CHDLC_HDRLEN)
+		goto trunc;
+	ND_TCHECK2(*p, CHDLC_HDRLEN);
 	proto = EXTRACT_16BITS(&p[2]);
 	if (ndo->ndo_eflag) {
                 ND_PRINT((ndo, "%s, ethertype %s (0x%04x), length %u: ",
@@ -94,12 +91,15 @@ chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length)
 		break;
         case ETHERTYPE_ISO:
                 /* is the fudge byte set ? lets verify by spotting ISO headers */
+                if (length < 2)
+                    goto trunc;
+                ND_TCHECK_16BITS(p);
                 if (*(p+1) == 0x81 ||
                     *(p+1) == 0x82 ||
                     *(p+1) == 0x83)
-                    isoclns_print(ndo, p + 1, length - 1, length - 1);
+                    isoclns_print(ndo, p + 1, length - 1);
                 else
-                    isoclns_print(ndo, p, length, length);
+                    isoclns_print(ndo, p, length);
                 break;
 	default:
                 if (!ndo->ndo_eflag)
@@ -108,6 +108,10 @@ chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length)
 	}
 
 	return (CHDLC_HDRLEN);
+
+trunc:
+	ND_PRINT((ndo, "[|chdlc]"));
+	return ndo->ndo_snapend - bp;
 }
 
 /*