ICMPv6: Add a length check in the rpl_dio_print() function

author Francois-Xavier Le Bail <[email protected]>

Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)
author Francois-Xavier Le Bail <[email protected]>
Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)
diff --git a/print-icmp6.c b/print-icmp6.c

index 63c202c4eaf70e2076c8a67cdf580ef60fe3bd89..a1289e1cc43ce1f15aec9a4ab196edde326e760a 100644 (file)
--- a/print-icmp6.c
+++ b/print-icmp6.c
@@ -851,6 +851,7 @@ rpl_dio_print(netdissect_options *ndo,
  {
          const struct nd_rpl_dio *dio = (const struct nd_rpl_dio *)bp;
  
+        ND_ICHECK_ZU(length, <, sizeof(struct nd_rpl_dio));
          ND_PRINT(" [dagid:%s,seq:%u,instance:%u,rank:%u,%smop:%s,prf:%u]",
                    GET_IP6ADDR_STRING(dio->rpl_dagid),
                    GET_U_1(dio->rpl_dtsn),
@@ -865,6 +866,9 @@ rpl_dio_print(netdissect_options *ndo,
                  rpl_printopts(ndo, bp + sizeof(struct nd_rpl_dio),
                                length - sizeof(struct nd_rpl_dio));
          }
+        return;
+invalid:
+        nd_print_invalid(ndo);
  }
  
  static void
author	Francois-Xavier Le Bail <[email protected]>
	Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Sun, 6 Feb 2022 08:59:58 +0000 (09:59 +0100)