UDP: Add two bounds checks

author Francois-Xavier Le Bail <[email protected]>

Mon, 4 Jun 2018 11:46:02 +0000 (13:46 +0200)

committer Francois-Xavier Le Bail <[email protected]>

Mon, 4 Jun 2018 11:46:10 +0000 (13:46 +0200)
author Francois-Xavier Le Bail <[email protected]>
Mon, 4 Jun 2018 11:46:02 +0000 (13:46 +0200)
committer Francois-Xavier Le Bail <[email protected]>
Mon, 4 Jun 2018 11:46:10 +0000 (13:46 +0200)
diff --git a/print-udp.c b/print-udp.c

index ddc35157b0bb22a9d926ba6edd56a3302062536d..67d89973a252f3adca0a6804dc6e8d934ba4d0a8 100644 (file)
--- a/print-udp.c
+++ b/print-udp.c
@@ -556,6 +556,7 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
                  * TCP does, and we do so for UDP-over-IPv6.
                  */
                 if (IP_V(ip) == 4 && (ndo->ndo_vflag > 1)) {
+                       ND_TCHECK_2(up->uh_sum);
                         udp_sum = EXTRACT_BE_U_2(up->uh_sum);
                         if (udp_sum == 0) {
                                 ND_PRINT("[no cksum] ");
@@ -574,6 +575,7 @@ udp_print(netdissect_options *ndo, const u_char *bp, u_int length,
                         /* for IPv6, UDP checksum is mandatory */
                         if (ND_TTEST_LEN(cp, length)) {
                                 sum = udp6_cksum(ndo, ip6, up, length + sizeof(struct udphdr));
+                               ND_TCHECK_2(up->uh_sum);
                                 udp_sum = EXTRACT_BE_U_2(up->uh_sum);
  
                                 if (sum != 0) {
author	Francois-Xavier Le Bail <[email protected]>
	Mon, 4 Jun 2018 11:46:02 +0000 (13:46 +0200)
committer	Francois-Xavier Le Bail <[email protected]>
	Mon, 4 Jun 2018 11:46:10 +0000 (13:46 +0200)