This fixes undefined behavior at runtime.
The error was:
print-ipx.c:93:43: runtime error: unsigned integer overflow: 29 - 30
cannot be represented in type 'unsigned int'
Add a test case.
ND_TCHECK_2(ipx->length);
length = EXTRACT_BE_U_2(ipx->length);
+ if (length < ipxSize) {
+ ND_PRINT("[length %u < %u]", length, ipxSize);
+ nd_print_invalid(ndo);
+ return;
+ }
ipx_decode(ndo, ipx, p + ipxSize, length - ipxSize);
return;
trunc:
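Review bot: The new guard validates only the lower bound of `length`, which is read straight from the packet's own header field on the line above, so a header that declares more bytes than the packet actually holds still reaches `ipx_decode(ndo, ipx, p + ipxSize, length - ipxSize)`. The commit closes the case where a declared length of 29 made `length - ipxSize` wrap to a very large unsigned value; the opposite case presumably relies on bounds checks inside the decoders, which are not visible here. If the caller-supplied packet length is still available at this point, it would be worth comparing the two and flagging a mismatch, and in any case I would add a comment above the check such as `/* length is the untrusted IPX header field; it must cover at least the fixed ipxSize-byte header */`. The enclosing function starts and ends outside the hunk.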
# IPX/Netware packets
ipx ipx.pcap ipx.out
+# IPX/Netware invalid
+ipx-invalid-length ipx-invalid-length.pcap ipx-invalid-length.out
+
# IETF FORCES WG packets and printer
forces01 forces1.pcap forces1.out
forces01vvv forces1.pcap forces1vvv.out -v -v -v
--- /dev/null
+ 1 16:41:40.226660 IPX 0a8808aa.00:00:00:00:00:01.0451 > 8dc23c00.18:00:3e:2b:68:56.402b: [length 29 < 30] (invalid)