]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba983e3)
VTP: Add bounds checks
authorFrancois-Xavier Le Bail <[email protected]>
Sat, 21 Nov 2015 13:23:44 +0000 (14:23 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Sat, 21 Nov 2015 13:25:36 +0000 (14:25 +0100)
print-vtp.c patch | blob | history

diff --git a/print-vtp.c b/print-vtp.c
index ce8cdac71b34fb0595d0dc3222fc1b4bbe9b64e6..854bc49d3d297ed78b4371f658750fcc4ed105eb 100644 (file)
--- a/print-vtp.c
+++ b/print-vtp.c
@@ -176,15 +176,18 @@ vtp_print (netdissect_options *ndo,
         *
         */
 
+       ND_TCHECK2(*tptr, 8);
        ND_PRINT((ndo, "\n\t  Config Rev %x, Updater %s",
               EXTRACT_32BITS(tptr),
               ipaddr_string(ndo, tptr+4)));
        tptr += 8;
+       ND_TCHECK2(*tptr, VTP_UPDATE_TIMESTAMP_LEN);
        ND_PRINT((ndo, ", Timestamp 0x%08x 0x%08x 0x%08x",
               EXTRACT_32BITS(tptr),
               EXTRACT_32BITS(tptr + 4),
               EXTRACT_32BITS(tptr + 8)));
        tptr += VTP_UPDATE_TIMESTAMP_LEN;
+       ND_TCHECK2(*tptr, VTP_MD5_DIGEST_LEN);
        ND_PRINT((ndo, ", MD5 digest: %08x%08x%08x%08x",
               EXTRACT_32BITS(tptr),
               EXTRACT_32BITS(tptr + 4),
@@ -242,6 +245,7 @@ vtp_print (netdissect_options *ndo,
            ND_TCHECK2(*tptr, len);
 
            vtp_vlan = (const struct vtp_vlan_*)tptr;
+           ND_TCHECK(*vtp_vlan);
            ND_PRINT((ndo, "\n\tVLAN info status %s, type %s, VLAN-id %u, MTU %u, SAID 0x%08x, Name ",
                   tok2str(vtp_vlan_status,"Unknown",vtp_vlan->status),
                   tok2str(vtp_vlan_type_values,"Unknown",vtp_vlan->type),
@@ -347,6 +351,7 @@ vtp_print (netdissect_options *ndo,
         *
         */
 
+       ND_TCHECK2(*tptr, 4);
        ND_PRINT((ndo, "\n\tStart value: %u", EXTRACT_32BITS(tptr)));
        break;
 
[mirror] the TCPdump network dissector