IP: Add a bounds check before calling ip_demux_print()
authorFrancois-Xavier Le Bail <[email protected]>
Fri, 12 Feb 2021 13:20:52 +0000 (14:20 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Mon, 12 Apr 2021 19:24:22 +0000 (21:24 +0200)
At least the header data is required.

Moreover:
Fix indentation.

(cherry picked from commit 1fb5643f91a91fe00428a6a0a0c256ba0fd2ad59)

print-ip.c

index 7cec64041dd84ff99a46a98fe355db1c2dfa58f3..a0df95918898ff3228e760d0c07942790d3e3074 100644 (file)
@@ -471,8 +471,18 @@ ip_print(netdissect_options *ndo,
                                     GET_IPADDR_STRING(ip->ip_src),
                                     GET_IPADDR_STRING(ip->ip_dst));
                }
+               /*
+                * Do a bounds check before calling ip_demux_print().
+                * At least the header data is required.
+                */
+               if (!ND_TTEST_LEN((const u_char *)ip, hlen)) {
+                       ND_PRINT(" [remaining caplen(%u) < header length(%u)]",
+                                ND_BYTES_AVAILABLE_AFTER((const u_char *)ip),
+                                hlen);
+                       nd_trunc_longjmp(ndo);
+               }
                ip_demux_print(ndo, (const u_char *)ip + hlen, len, 4,
-                   off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
+                              off & IP_MF, GET_U_1(ip->ip_ttl), nh, bp);
        } else {
                /*
                 * Ultra quiet now means that all this stuff should be
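Review bot: The added comment before the `ND_TTEST_LEN((const u_char *)ip, hlen)` test says what is checked but not what is left unchecked. A capture holding exactly `hlen` bytes passes the test, so `ip_demux_print()` is handed a pointer at the very end of the captured data, along with a `len` that nothing in the visible lines compares with the remaining capture length. I would extend the comment to something like `/* hlen is presumably taken from the packet's header-length field; make sure ip + hlen stays inside the captured data. The payload is not checked here: every printer reached from ip_demux_print() must do its own bounds checks. */`. The two `%u` conversions in the `ND_PRINT` call assume that `ND_BYTES_AVAILABLE_AFTER()` and `hlen` are both `u_int`; their definitions are outside the hunk, so that is worth confirming. `ip_print()` starts and ends outside the hunk, so any earlier header checks are not visible here.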