X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/c98ea428912fa6b8518db17074662f8e885e72a0..b0b726f497f8cac1c29c80f7f495b3b33b6054f0:/print-ip.c

diff --git a/print-ip.c b/print-ip.c
index 187d36e6..a0df9591 100644
--- a/print-ip.c
+++ b/print-ip.c
@@ -27,8 +27,6 @@
 
 #include "netdissect-stdinc.h"
 
-#include <string.h>
-
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -473,8 +471,18 @@ ip_print(netdissect_options *ndo,
 				     GET_IPADDR_STRING(ip->ip_src),
 				     GET_IPADDR_STRING(ip->ip_dst));
 		}
+		/*
+		 * Do a bounds check before calling ip_demux_print().
+		 * At least the header data is required.
+		 */
+		if (!ND_TTEST_LEN((const u_char *)ip, hlen)) {
+			ND_PRINT(" [remaining caplen(%u) < header length(%u)]",
+				 ND_BYTES_AVAILABLE_AFTER((const u_char *)ip),
+				 hlen);
+			nd_trunc_longjmp(ndo);
+		}
 		ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4,
-		    off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
+			       off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
 	} else {
 		/*
 		 * Ultra quiet now means that all this stuff should be
@@ -502,7 +510,6 @@ ip_print(netdissect_options *ndo,
 
 trunc:
 	nd_print_trunc(ndo);
-	return;
 }
 
 void