L2TP: Add a bounds check

author Francois-Xavier Le Bail <[email protected]>

Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Sun, 14 Feb 2021 10:40:25 +0000 (11:40 +0100)
author Francois-Xavier Le Bail <[email protected]>
Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Sun, 14 Feb 2021 10:40:25 +0000 (11:40 +0100)
diff --git a/print-l2tp.c b/print-l2tp.c

index 184ff752d67255f1696c9b259e343e534fdc9c8f..024705f821ba5e1e25299bcb169a921f3f6355b4 100644 (file)
--- a/print-l2tp.c
+++ b/print-l2tp.c
@@ -807,6 +807,8 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
  
         if (flag_o) {   /* Offset Size */
                 pad =  GET_BE_U_2(ptr);
+               /* Offset padding octets in packet buffer? */
+               ND_TCHECK_LEN(ptr + 2, pad);
                 ptr += (2 + pad);
                 cnt += (2 + pad);
         }
author	Francois-Xavier Le Bail <[email protected]>
	Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Sun, 14 Feb 2021 10:40:25 +0000 (11:40 +0100)