And add checks of the NSAP offset.

diff --git a/print-isoclns.c b/print-isoclns.c
index b6507a113279ae62eded852c4175996dfd51641f..ac3269c68a8b44327ae185762810c38622be716d 100644 (file)
--- a/print-isoclns.c
+++ b/print-isoclns.c
@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.7 2005-05-25 22:00:00 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.8 2005-05-25 22:06:41 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -822,7 +822,16 @@ static int clnp_print (const u_int8_t *pptr, u_int length)
                     printf("%s %s",
                            tok2str(clnp_option_sr_rr_values,"Unknown",*tptr),
                            tok2str(clnp_option_sr_rr_string_values,"Unknown Option %u",op));
-                    nsap_offset=*(tptr+1)-1; /* offset to nsap list */
+                    nsap_offset=*(tptr+1);
+                    if (nsap_offset == 0) {
+                            printf(" Bad NSAP offset (0)");
+                            break;
+                    }
+                    nsap_offset-=1; /* offset to nsap list */
+                    if (nsap_offset > tlen) {
+                            printf(" Bad NSAP offset (past end of option)");
+                            break;
+                    }
                     tptr+=nsap_offset;
                     tlen-=nsap_offset;
                     while (tlen > 0) {