Check whether the version field is available before looking at it.

While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.

diff --git a/print-ip.c b/print-ip.c
index 3476ed7afe61a55c00a1aa650e36d00424f50310..f178fef359df5e598c3e0fe8cc82ce95e4af77ef 100644 (file)
--- a/print-ip.c
+++ b/print-ip.c
@@ -527,6 +527,7 @@ ip_print(netdissect_options *ndo,
        struct protoent *proto;
 
        ipds->ip = (const struct ip *)bp;
+       ND_TCHECK(ipds->ip->ip_vhl);
        if (IP_V(ipds->ip) != 4) { /* print version if != 4 */
            ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip)));
            if (IP_V(ipds->ip) == 6)
@@ -535,10 +536,7 @@ ip_print(netdissect_options *ndo,
        else if (!ndo->ndo_eflag)
                ND_PRINT((ndo, "IP "));
 
-       if ((u_char *)(ipds->ip + 1) > ndo->ndo_snapend) {
-               ND_PRINT((ndo, "%s", tstr));
-               return;
-       }
+       ND_TCHECK(*ipds->ip);
        if (length < sizeof (struct ip)) {
                ND_PRINT((ndo, "truncated-ip %u", length));
                return;
@@ -667,6 +665,11 @@ ip_print(netdissect_options *ndo,
                                ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p));
                }
        }
+       return;
+
+trunc:
+       ND_PRINT((ndo, "%s", tstr));
+       return;
 }
 
 void