X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/a1a4a4a6242ba4cb992bb062cf800b54051167f4..27cb3953154b4562a7f4b51be6146688531903bd:/print-chdlc.c?ds=sidebyside

diff --git a/print-chdlc.c b/print-chdlc.c
index 65437d1c..ea1a197a 100644
--- a/print-chdlc.c
+++ b/print-chdlc.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-chdlc.c,v 1.32.2.2 2005-04-09 09:42:25 hannes Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-chdlc.c,v 1.32.2.7 2005-04-27 14:35:56 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -112,6 +112,9 @@ chdlc_if_print(const struct pcap_pkthdr *h, register const u_char *p)
 	return (CHDLC_HDRLEN);
 }
 
+/*
+ * The fixed-length portion of a SLARP packet.
+ */
 struct cisco_slarp {
 	u_int8_t code[4];
 #define SLARP_REQUEST	0
@@ -126,12 +129,12 @@ struct cisco_slarp {
 			u_int8_t myseq[4];
 			u_int8_t yourseq[4];
 			u_int8_t rel[2];
-                        u_int8_t time[0];
 		} keep;
 	} un;
 };
 
-#define SLARP_LEN	18
+#define SLARP_MIN_LEN	14
+#define SLARP_MAX_LEN	18
 
 static void
 chdlc_slarp_print(const u_char *cp, u_int length)
@@ -140,16 +143,23 @@ chdlc_slarp_print(const u_char *cp, u_int length)
         u_int sec,min,hrs,days;
 
         printf("SLARP (length: %u), ",length);
-	if (length < SLARP_LEN)
+	if (length < SLARP_MIN_LEN)
 		goto trunc;
 
 	slarp = (const struct cisco_slarp *)cp;
-	TCHECK(*slarp);
+	TCHECK2(*slarp, SLARP_MIN_LEN);
 	switch (EXTRACT_32BITS(&slarp->code)) {
 	case SLARP_REQUEST:
 		printf("request");
-                /* ok we do not know it - but lets at least dump it */
-                print_unknown_data(cp+4,"\n\t",length-4);
+		/*
+		 * At least according to William "Chops" Westfield's
+		 * message in
+		 *
+		 *	http://www.nethelp.no/net/cisco-hdlc.txt
+		 *
+		 * the address and mask aren't used in requests -
+		 * they're just zero.
+		 */
 		break;
 	case SLARP_REPLY:
 		printf("reply %s/%s",
@@ -162,8 +172,11 @@ chdlc_slarp_print(const u_char *cp, u_int length)
                        EXTRACT_32BITS(&slarp->un.keep.yourseq),
                        EXTRACT_16BITS(&slarp->un.keep.rel));
 
-                if (length >= SLARP_LEN) { /* uptime-stamp is optional */
-                        sec = EXTRACT_32BITS(&slarp->un.keep.time) / 1000;
+                if (length >= SLARP_MAX_LEN) { /* uptime-stamp is optional */
+                        cp += SLARP_MIN_LEN;
+                        if (!TTEST2(*cp, 4))
+                                goto trunc;
+                        sec = EXTRACT_32BITS(cp) / 1000;
                         min = sec / 60; sec -= min * 60;
                         hrs = min / 60; min -= hrs * 60;
                         days = hrs / 24; hrs -= days * 24;
@@ -177,8 +190,8 @@ chdlc_slarp_print(const u_char *cp, u_int length)
 		break;
 	}
 
-	if (SLARP_LEN < length && vflag)
-		printf(", (trailing junk: %d bytes)", length - SLARP_LEN);
+	if (SLARP_MAX_LEN < length && vflag)
+		printf(", (trailing junk: %d bytes)", length - SLARP_MAX_LEN);
         if (vflag > 1)
             print_unknown_data(cp+4,"\n\t",length-4);
 	return;