X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/a3cfb6a87bb09f39fd00c437e6d1acdb7dfa6d06..5ee91ef4b64a56003edc9535f6445d3bba1fdffd:/print-quic.c
diff --git a/print-quic.c b/print-quic.c
index be1a5450..acdbaf6a 100644
--- a/print-quic.c
+++ b/print-quic.c
@@ -226,7 +226,8 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 }
 if (packet_type == QUIC_LH_TYPE_RETRY) {
 ND_PRINT(", token ");
- if (end > bp && end - bp > 16) {
+ if (end > bp && end - bp > 16 &&
+ ND_TTEST_LEN(bp, end - bp - 16)) {
 token_length = end - bp - 16;
 token = nd_malloc(ndo, (size_t)token_length);
 GET_CPY_BYTES(token, bp, (size_t)token_length);
@@ -252,7 +253,8 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 } else {
 /* Short Header */
 ND_PRINT(", protected");
- if (ND_TTEST_LEN(bp, 16)) {
+ if (end > bp && end - bp > 16 &&
+ ND_TTEST_LEN(bp, end - bp)) {
 struct quic_cid_array *cid_array = lookup_quic_cid(bp, end - bp);
 if (cid_array != NULL) {
@@ -270,9 +272,9 @@ quic_print_packet(netdissect_options *ndo, const u_char *bp, const u_char *end)
 }
 void
-quic_print(netdissect_options *ndo, const u_char *bp, const u_int len)
+quic_print(netdissect_options *ndo, const u_char *bp)
 {
- const uint8_t *end = bp + len;
+ const uint8_t *end = bp + ND_BYTES_AVAILABLE_AFTER(bp);
 ndo->ndo_protocol = "quic";
 nd_print_protocol(ndo);
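Review bot: In the Retry branch (hunk at -226), the pointer returned by `nd_malloc()` goes straight into `GET_CPY_BYTES` with no NULL check, while the requested size `end - bp - 16` is taken from the packet. The added `ND_TTEST_LEN` bounds the copy source but says nothing about the allocation result, so a failed allocation would become a write through a null pointer. A guard such as `if (token == NULL)` before the copy, leaving through the dissector's usual out-of-memory path, would close that. A one-line comment naming what the 16 trailing bytes are (presumably the Retry integrity tag) would also help the next reader; the rest of the branch, including the path taken when the test fails, lies outside the hunk.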
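Review bot: The short-header guard (hunk at -252) now requires `end - bp > 16`, whereas the line it replaces accepted exactly 16 captured bytes. The strict comparison looks carried over from the Retry branch, where it guarantees a non-empty token. If 16 bytes are sufficient for the connection-ID lookup, `if (end > bp && end - bp >= 16 &&` keeps the old lower bound while still testing the full length handed to `lookup_quic_cid`. How many bytes that function actually reads is not visible here, so this should be confirmed against its definition.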
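Review bot: With `end` computed as `bp + ND_BYTES_AVAILABLE_AFTER(bp)` (hunk at -270), `end` marks the end of the captured data rather than the end of the QUIC datagram, and `quic_print_packet` uses it as a protocol boundary. Unless the caller has already clamped the buffer to the UDP payload, captured bytes that follow the payload would be dissected as QUIC, and on a snaplen-cut capture the Retry branch would treat the last 16 captured bytes as the tag and print a wrong token with no truncation marker. It also appears to make the `ND_TTEST_LEN(bp, end - bp ...)` tests added in the two earlier hunks always true, since `end - bp` can then never exceed the bytes available. Keeping the `len` parameter and `const uint8_t *end = bp + len;`, and relying on the new `ND_TTEST_LEN` checks for memory safety, would preserve the real payload boundary. The function body continues past the hunk and the callers of `quic_print` are not shown.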