PPI: Add a length check

author Francois-Xavier Le Bail <[email protected]>

Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)
author Francois-Xavier Le Bail <[email protected]>
Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)
diff --git a/print-ppi.c b/print-ppi.c

index 6d901a20717f5da2b3e3cb9da2ee22d90db6c50c..04aa1893228ccb3a21e51e88a3efa6505a4b6e95 100644 (file)
--- a/print-ppi.c
+++ b/print-ppi.c
@@ -79,6 +79,13 @@ ppi_print(netdissect_options *ndo,
         hdr = (const ppi_header_t *)p;
         ND_TCHECK_2(hdr->ppi_len);
         len = GET_LE_U_2(hdr->ppi_len);
+       if (len < sizeof(ppi_header_t) || len > 65532) {
+               /* It MUST be between 8 and 65,532 inclusive (spec 3.1.3) */
+               ND_PRINT(" [length %u < %zu or > 65532]", len,
+                        sizeof(ppi_header_t));
+               nd_print_invalid(ndo);
+               return (caplen);
+       }
         if (caplen < len) {
                 /*
                  * If we don't have the entire PPI header, don't
@@ -87,10 +94,6 @@ ppi_print(netdissect_options *ndo,
                 nd_print_trunc(ndo);
                 return (caplen);
         }
-       if (len < sizeof(ppi_header_t)) {
-               nd_print_trunc(ndo);
-               return (len);
-       }
         ND_TCHECK_4(hdr->ppi_dlt);
         dlt = GET_LE_U_4(hdr->ppi_dlt);
author	Francois-Xavier Le Bail <[email protected]>
	Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Fri, 27 Mar 2020 19:00:04 +0000 (20:00 +0100)