CVE-2016-7922/Report to our caller that dissection failed if a bounds check fails.
authorGuy Harris <[email protected]>
Fri, 3 Jul 2015 20:20:28 +0000 (13:20 -0700)
committerFrancois-Xavier Le Bail <[email protected]>
Wed, 18 Jan 2017 08:16:36 +0000 (09:16 +0100)
That way, our caller doesn't keep dissecting.

print-ah.c

index 26bc43ec24b4144c49d5816f4893926b2f300ec0..a23abb493f93c5b0060761805d1929d19ca05761 100644 (file)
@@ -54,8 +54,10 @@ ah_print(netdissect_options *ndo, register const u_char *bp)
        if (ndo->ndo_vflag)
                ND_PRINT((ndo, ",sumlen=%d", sumlen));
        ND_PRINT((ndo, ",seq=0x%x", EXTRACT_32BITS(ah + 1)));
-       if (bp + sizeof(struct ah) + sumlen > ep)
-               ND_PRINT((ndo, "[truncated]"));
+       if (!ND_TTEST2(*bp, sizeof(struct ah) + sumlen)) {
+               ND_PRINT((ndo, "[truncated]):"));
+               return -1;
+       }
        ND_PRINT((ndo, "): "));
 
        return sizeof(struct ah) + sumlen;
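Review bot: The context line `ND_PRINT((ndo, ",seq=0x%x", EXTRACT_32BITS(ah + 1)));` still reads four bytes at `ah + 1` before the new `ND_TTEST2` check runs, so a short capture can be over-read before truncation is reported, unless a check above the hunk already covers those bytes (ah_print starts outside the hunk, so this cannot be confirmed here). A guard with the same macro placed ahead of that print would close the gap, e.g. `if (!ND_TTEST2(*(ah + 1), 4)) return -1;`, ideally printing a truncation marker first as the new branch does. Minor: the truncated path prints `"[truncated]):"` without the trailing space that the normal path's `"): "` has, so the two outputs differ in spacing.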