FRF.16: Add a length check before the bounds check

author Francois-Xavier Le Bail <[email protected]>

Mon, 28 Oct 2019 09:04:12 +0000 (10:04 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Mon, 28 Oct 2019 09:20:55 +0000 (10:20 +0100)
author Francois-Xavier Le Bail <[email protected]>
Mon, 28 Oct 2019 09:04:12 +0000 (10:04 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Mon, 28 Oct 2019 09:20:55 +0000 (10:20 +0100)
diff --git a/print-fr.c b/print-fr.c

index a7ea98a1556d5854bdc2df81d983f10c4dd34b4b..59d394171c6276b34279ca860f4d9f3305921feb 100644 (file)
--- a/print-fr.c
+++ b/print-fr.c
@@ -458,7 +458,13 @@ mfr_print(netdissect_options *ndo,
   */
  
      ndo->ndo_protocol = "mfr";
-    ND_TCHECK_4(p); /* minimum frame header length */
+
+    if (length < 4) {  /* minimum frame header length */
+        ND_PRINT("[length %u < 4]", length);
+        nd_print_invalid(ndo);
+        return length;
+    }
+    ND_TCHECK_4(p);
  
      if ((GET_U_1(p) & MFR_BEC_MASK) == MFR_CTRL_FRAME && GET_U_1(p + 1) == 0) {
          ND_PRINT("FRF.16 Control, Flags [%s], %s, length %u",
author	Francois-Xavier Le Bail <[email protected]>
	Mon, 28 Oct 2019 09:04:12 +0000 (10:04 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Mon, 28 Oct 2019 09:20:55 +0000 (10:20 +0100)