X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/8ce37b54edb27294047ad059350eada8d17e6909..refs/pull/1034/head:/print-quic.c

diff --git a/print-quic.c b/print-quic.c
index d6963b77..eb8120b2 100644
--- a/print-quic.c
+++ b/print-quic.c
@@ -164,7 +164,7 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 	bp += 1;
 	if (first_octet & 0x80) {
 		/* Long Header */
-		packet_type = (first_octet >> 4) & 0x02;
+		packet_type = (first_octet >> 4) & 0x03;
 		version = GET_BE_U_4(bp);
 		bp += 4;
 
@@ -226,7 +226,8 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 			}
 			if (packet_type == QUIC_LH_TYPE_RETRY) {
 				ND_PRINT(", token ");
-				if (end > bp && end - bp > 16) {
+				if (end > bp && end - bp > 16 &&
+				    ND_TTEST_LEN(bp, end - bp - 16)) {
 					token_length = end - bp - 16;
 					token = nd_malloc(ndo, (size_t)token_length);
 					GET_CPY_BYTES(token, bp, (size_t)token_length);
@@ -252,7 +253,8 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 	} else {
 		/* Short Header */
 		ND_PRINT(", protected");
-		if (ND_TTEST_LEN(bp, 16)) {
+		if (end > bp && end - bp > 16 &&
+		    ND_TTEST_LEN(bp, end - bp)) {
 			struct quic_cid_array *cid_array =
 				lookup_quic_cid(bp, end - bp);
 			if (cid_array != NULL) {