Add a length check.

diff --git a/print-esp.c b/print-esp.c
index 4d86022fc690981cac1946f0fef2bfc4fbf69418..d1231070e05b0a304b95b7edd4ab49ce272902d0 100644 (file)
--- a/print-esp.c
+++ b/print-esp.c
@@ -791,6 +791,13 @@ esp_print(netdissect_options *ndo,
        /* length of the IV, if there is one; 0, if there isn't */
        ivlen = sa->ivlen;
        secret = sa->secret;
+       /*
+        * Make sure the authentication data/integrity check value length
+        * isn't bigger than the total amount of data available and, if
+        * not, slice that off.
+        */
+       if (ep - bp < sa->authlen)
+               return;
        ep = ep - sa->authlen;
 
        if (sa->evp) {