isis: add some additional length checks.

Make sure the length in question is big enough before fetching data and
subtracting from it.

diff --git a/print-isoclns.c b/print-isoclns.c
index b5943cc7fdf50de8067b96d5a5fd6ed5243351e7..3859c8ffc6af252b4f8b57968fdd26dfa6dab8fd 100644 (file)
--- a/print-isoclns.c
+++ b/print-isoclns.c
@@ -1921,10 +1921,14 @@ isis_print_ip_reach_subtlv(netdissect_options *ndo,
            algo = GET_U_1(tptr+1);
 
            if (flags & ISIS_PREFIX_SID_FLAG_V) {
+               if (subl < 5)
+                   goto trunc;
                sid = GET_BE_U_3(tptr+2);
                tptr+=5;
                subl-=5;
            } else {
+               if (subl < 6)
+                   goto trunc;
                sid = GET_BE_U_4(tptr+2);
                tptr+=6;
                subl-=6;