Check, and use, the length from the PAP header.

author guy <guy>

Wed, 20 Apr 2005 22:15:17 +0000 (22:15 +0000)

committer guy <guy>

Wed, 20 Apr 2005 22:15:17 +0000 (22:15 +0000)
author guy <guy>
Wed, 20 Apr 2005 22:15:17 +0000 (22:15 +0000)
committer guy <guy>
Wed, 20 Apr 2005 22:15:17 +0000 (22:15 +0000)
diff --git a/print-ppp.c b/print-ppp.c

index 84429012acc85fec7a04291e832ed2d07d7fd256..603dd6c40bf5c68ccb80522574f50b86eea1f110 100644 (file)
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -31,7 +31,7 @@
  
  #ifndef lint
  static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.108 2005-04-06 21:32:42 mcr Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.109 2005-04-20 22:15:17 guy Exp $ (LBL)";
  #endif
  
  #ifdef HAVE_CONFIG_H
@@ -872,6 +872,16 @@ handle_pap(const u_char *p, int length)
         len = EXTRACT_16BITS(p);
         p += 2;
  
+       if ((int)len > length) {
+               printf(", length %u > packet size", len);
+               return;
+       }
+       length = len;
+       if (length < (p - p0)) {
+               printf(", length %u < PAP header length", length);
+               return;
+       }
+
         switch (code) {
         case PAP_AREQ:
                 if (length - (p - p0) < 1)