ICMPv6: Fix printing the Home Agent Address Discovery Reply Message
authorFrancois-Xavier Le Bail <[email protected]>
Sat, 2 Mar 2024 19:34:03 +0000 (20:34 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Sun, 3 Mar 2024 09:09:42 +0000 (10:09 +0100)
This change avoids incorrect truncation printing (" [|icmp6]") by avoiding
any attempt to get an IPv6 address past the end of the packet data.
It also avoids a pointer overflow with a 32-bit build that stopped IPv6
addresses printing.
(When length is big, e.g. Jumbo Payload).

print-icmp6.c

index d1c2a519551823bcd403d70c3fd62fa8aee5d511..11ccfdc574f34506d202734675a6d9bc7fca8878 100644 (file)
@@ -1253,7 +1253,8 @@ icmp6_print(netdissect_options *ndo,
 
                        ND_PRINT(", id 0x%04x",
                                 GET_BE_U_2(dp->icmp6_data16[0]));
-                       cp = (const u_char *)dp + length;
+                       cp = (const u_char *)dp +
+                               ND_MIN(length, ND_BYTES_AVAILABLE_AFTER(dp));
                        p = (const u_char *)(dp + 1);
                        while (p < cp) {
                                ND_PRINT(", %s", GET_IP6ADDR_STRING(p));
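Review bot: The clamp on `cp` has no comment explaining it, and the `while (p < cp)` loop still starts an iteration when fewer than 16 bytes remain before `cp`. A trailing partial address is therefore left to whatever bounds check `GET_IP6ADDR_STRING` performs, which presumably still reports truncation. A short comment above the assignment would record the reason for the clamp, e.g. `/* Clamp to the captured bytes: length can exceed the buffer (Jumbo Payload) and dp + length can overflow on 32-bit. */`. When the capture is cut exactly on a 16-byte boundary, the address list now ends without any truncation marker; if that is intended, the comment should say so. The loop body continues outside the hunk, so the 16-byte step is assumed here.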