]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 69c0a4b)
IPX: Add two length checks
authorFrancois-Xavier Le Bail <[email protected]>
Sat, 6 Nov 2021 15:58:42 +0000 (16:58 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Mon, 29 Nov 2021 13:11:12 +0000 (14:11 +0100)
This change fixes some undefined behaviors at runtime.

The errors were like:
print-ipx.c:160:12: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'
print-ipx.c:233:12: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'

print-ipx.c patch | blob | history

diff --git a/print-ipx.c b/print-ipx.c
index c16a8673448781c4725fc6d3525ab1c39a246cf0..f8c0ce7c221340cf8fc2e2a2d4b3cf6fbe1f63d8 100644 (file)
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -156,6 +156,7 @@ ipx_sap_print(netdissect_options *ndo, const u_char *ipx, u_int length)
     int command, i;
 
     command = GET_BE_U_2(ipx);
+    ND_LCHECK_U(length, 2);
     ipx += 2;
     length -= 2;
 
@@ -229,6 +230,7 @@ ipx_rip_print(netdissect_options *ndo, const u_char *ipx, u_int length)
     int command, i;
 
     command = GET_BE_U_2(ipx);
+    ND_LCHECK_U(length, 2);
     ipx += 2;
     length -= 2;
 
[mirror] the TCPdump network dissector