Improve the bounds checking.

diff --git a/print-wb.c b/print-wb.c
index e286609b33efe29c55c9eaa0d17028cb0513cc40..db5a55016d2e0634a5a3e73d7c982124d6f9c717 100644 (file)
--- a/print-wb.c
+++ b/print-wb.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-wb.c,v 1.30.2.2 2003-11-16 08:51:55 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-wb.c,v 1.30.2.3 2004-03-24 04:06:52 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -212,7 +212,7 @@ wb_id(const struct pkt_id *id, u_int len)
        }
 
        c = '<';
-       for (i = 0; i < nid && (u_char *)io < snapend; ++io, ++i) {
+       for (i = 0; i < nid && (u_char *)(io + 1) <= snapend; ++io, ++i) {
                printf("%c%s:%u",
                    c, ipaddr_string(&io->id), EXTRACT_32BITS(&io->off));
                c = ',';
@@ -267,7 +267,7 @@ wb_prep(const struct pkt_prep *prep, u_int len)
        }
        n = EXTRACT_32BITS(&prep->pp_n);
        ps = (const struct pgstate *)(prep + 1);
-       while (--n >= 0 && (u_char *)ps < ep) {
+       while (--n >= 0 && (u_char *)(ps + 1) <= ep) {
                const struct id_off *io, *ie;
                char c = '<';
 
@@ -276,7 +276,7 @@ wb_prep(const struct pkt_prep *prep, u_int len)
                    ipaddr_string(&ps->page.p_sid),
                    EXTRACT_32BITS(&ps->page.p_uid));
                io = (struct id_off *)(ps + 1);
-               for (ie = io + ps->nid; io < ie && (u_char *)io < ep; ++io) {
+               for (ie = io + ps->nid; io < ie && (u_char *)(io + 1) <= ep; ++io) {
                        printf("%c%s:%u", c, ipaddr_string(&io->id),
                            EXTRACT_32BITS(&io->off));
                        c = ',';