X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4f15e3afd16092b566d71ca2817e8931ec320920..296d466cd6bbf2f7e75e15bb6a01268e88c76ed0:/print-ospf6.c

diff --git a/print-ospf6.c b/print-ospf6.c
index 29014d74..3a227c3e 100644
--- a/print-ospf6.c
+++ b/print-ospf6.c
@@ -23,9 +23,7 @@
 
 /* \summary: IPv6 Open Shortest Path First (OSPFv3) printer */
 
-#ifdef HAVE_CONFIG_H
 #include <config.h>
-#endif
 
 #include "netdissect-stdinc.h"
 
@@ -381,21 +379,30 @@ ospf6_print_ls_type(netdissect_options *ndo,
                ls_type & LS_TYPE_MASK,
                tok2str(ospf6_ls_scope_values, "Unknown", ls_type & LS_SCOPE_MASK),
                ls_type &0x8000 ? ", transitive" : "", /* U-bit */
-               GET_IPADDR_STRING((const u_char *)ls_stateid));
+               GET_IPADDR_STRING(ls_stateid));
 }
 
 static int
 ospf6_print_lshdr(netdissect_options *ndo,
                   const struct lsa6_hdr *lshp, const u_char *dataend)
 {
+	u_int ls_length;
+
 	if ((const u_char *)(lshp + 1) > dataend)
 		goto trunc;
 
-	ND_PRINT("\n\t  Advertising Router %s, seq 0x%08x, age %us, length %u",
-               GET_IPADDR_STRING(lshp->ls_router),
-               GET_BE_U_4(lshp->ls_seq),
-               GET_BE_U_2(lshp->ls_age),
-               GET_BE_U_2(lshp->ls_length)-(u_int)sizeof(struct lsa6_hdr));
+	ls_length = GET_BE_U_2(lshp->ls_length);
+	if (ls_length < sizeof(struct lsa_hdr)) {
+		ND_PRINT("\n\t	  Bogus length %u < header (%zu)", ls_length,
+		    sizeof(struct lsa_hdr));
+		goto trunc;
+	}
+
+	ND_PRINT("\n\t  Advertising Router %s, seq 0x%08x, age %us, length %zu",
+		 GET_IPADDR_STRING(lshp->ls_router),
+		 GET_BE_U_4(lshp->ls_seq),
+		 GET_BE_U_2(lshp->ls_age),
+		 ls_length-sizeof(struct lsa6_hdr));
 
 	ospf6_print_ls_type(ndo, GET_BE_U_2(lshp->ls_type),
 			    &lshp->ls_stateid);
@@ -425,9 +432,8 @@ ospf6_print_lsaprefix(netdissect_options *ndo,
 	if (lsa_length < wordlen * 4)
 		goto trunc;
 	lsa_length -= wordlen * 4;
-	ND_TCHECK_LEN(lsapp->lsa_p_prefix, wordlen * 4);
 	memset(prefix, 0, sizeof(prefix));
-	memcpy(prefix, lsapp->lsa_p_prefix, wordlen * 4);
+	GET_CPY_BYTES(prefix, lsapp->lsa_p_prefix, wordlen * 4);
 	ND_PRINT("\n\t\t%s/%u", ip6addr_string(ndo, prefix), /* local buffer, not packet data; don't use GET_IP6ADDR_STRING() */
 		 GET_U_1(lsapp->lsa_p_len));
         if (GET_U_1(lsapp->lsa_p_opt)) {
@@ -553,8 +559,7 @@ ospf6_print_lsa(netdissect_options *ndo,
 			if (lsa_length < sizeof (*ap))
 				return (1);
 			lsa_length -= sizeof (*ap);
-			ND_TCHECK_SIZE(ap);
-			ND_PRINT("\n\t\t%s", GET_IPADDR_STRING(*ap));
+			ND_PRINT("\n\t\t%s", GET_IPADDR_STRING(ap));
 			++ap;
 		}
 		break;
@@ -736,7 +741,7 @@ ospf6_decode_v3(netdissect_options *ndo,
 	const struct lsr6 *lsrp;
 	const struct lsa6_hdr *lshp;
 	const struct lsa6 *lsap;
-	int i;
+	uint32_t i;
 
 	switch (GET_U_1(op->ospf6_type)) {
 
@@ -763,8 +768,7 @@ ospf6_decode_v3(netdissect_options *ndo,
 			ND_PRINT("\n\t  Neighbor List:");
 			ap = hellop->hello_neighbor;
 			while ((const u_char *)ap < dataend) {
-				ND_TCHECK_SIZE(ap);
-				ND_PRINT("\n\t    %s", GET_IPADDR_STRING(*ap));
+				ND_PRINT("\n\t    %s", GET_IPADDR_STRING(ap));
 				++ap;
 			}
 		}