CVE-2017-5203/BOOTP: Add a bounds check

author Francois-Xavier Le Bail <[email protected]>

Fri, 23 Dec 2016 20:53:26 +0000 (21:53 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Wed, 18 Jan 2017 08:16:41 +0000 (09:16 +0100)
author Francois-Xavier Le Bail <[email protected]>
Fri, 23 Dec 2016 20:53:26 +0000 (21:53 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Wed, 18 Jan 2017 08:16:41 +0000 (09:16 +0100)
diff --git a/print-bootp.c b/print-bootp.c

index 26ac0de92c67c23296f4747cb0501875689db3c3..fe798a0483da50311042ed48a93856a7a7f2272d 100644 (file)
--- a/print-bootp.c
+++ b/print-bootp.c
@@ -293,6 +293,7 @@ bootp_print(netdissect_options *ndo,
         ND_PRINT((ndo, "BOOTP/DHCP, %s",
                   tok2str(bootp_op_values, "unknown (0x%02x)", bp->bp_op)));
  
+       ND_TCHECK(bp->bp_hlen);
         if (bp->bp_htype == 1 && bp->bp_hlen == 6 && bp->bp_op == BOOTPREQUEST) {
                 ND_TCHECK2(bp->bp_chaddr[0], 6);
                 ND_PRINT((ndo, " from %s", etheraddr_string(ndo, bp->bp_chaddr)));
author	Francois-Xavier Le Bail <[email protected]>
	Fri, 23 Dec 2016 20:53:26 +0000 (21:53 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Wed, 18 Jan 2017 08:16:41 +0000 (09:16 +0100)