Add some more length checking.
authorguy <guy>
Wed, 25 May 2005 22:00:00 +0000 (22:00 +0000)
committerguy <guy>
Wed, 25 May 2005 22:00:00 +0000 (22:00 +0000)
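--- a/print-isoclns.c
+++ b/print-isoclns.c
@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.6 2005-05-25 07:24:32 hannes Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.7 2005-05-25 22:00:00 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -825,13 +825,19 @@ static int clnp_print (const u_int8_t *pptr, u_int length)
                     nsap_offset=*(tptr+1)-1; /* offset to nsap list */
                     tptr+=nsap_offset;
                     tlen-=nsap_offset;
-                    while (tlen > 2) {
+                    while (tlen > 0) {
                             source_address_length=*tptr;
-                            source_address=(tptr+1);
-                            TCHECK2(*source_address, source_address_length);
-                            printf("\n\t    NSAP address (length %u): %s",
-                                   source_address_length,
-                                   isonsap_string(source_address, source_address_length));
+                            if (tlen < source_address_length+1) {
+                                    printf("\n\t    NSAP address goes past end of option");
+                                    break;
+                           }
+                            if (source_address_length > 0) {
+                                    source_address=(tptr+1);
+                                    TCHECK2(*source_address, source_address_length);
+                                    printf("\n\t    NSAP address (length %u): %s",
+                                           source_address_length,
+                                           isonsap_string(source_address, source_address_length));
+                            }
                             tlen-=source_address_length+1;
                     }
                     break;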
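Review bot: The offset taken from the packet in `nsap_offset=*(tptr+1)-1;` is still applied to `tptr` and `tlen` without being compared against `tlen`, so an offset larger than the option (or an offset byte of 0) is not rejected before the new `while (tlen > 0)` loop runs; if `tlen` is unsigned, which the hunk does not show, the subtraction would wrap and the new past-end test would no longer bound the walk. Inside the loop `tptr` is never advanced, so every iteration re-reads the same length byte and prints the same NSAP, and `*tptr` is read without a `TCHECK` of its own unless a check outside the hunk already covers the whole option. I would reject the offset when it exceeds `tlen`, check the length byte before reading it, and step `tptr` together with `tlen`, as sketched below. The declarations of `tlen` and `nsap_offset` and the rest of `clnp_print` lie outside this hunk, so the types are assumed.

```c
/* … unchanged: nsap_offset=*(tptr+1)-1; … */
if (nsap_offset > tlen) {
        printf("\n\t    NSAP offset goes past end of option");
        break;
}
/* … unchanged: tptr and tlen adjusted by nsap_offset … */
while (tlen > 0) {
        TCHECK(*tptr);  /* the length byte itself must be within the captured data */
        /* … unchanged: length read, past-end check, NSAP printing … */
        tptr+=source_address_length+1;  /* step to the next entry */
        tlen-=source_address_length+1;
}
```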