LDP: Fix an undefined behavior at runtime

author Francois-Xavier Le Bail <[email protected]>

Sun, 18 Aug 2019 12:55:11 +0000 (14:55 +0200)

committer Francois-Xavier Le Bail <[email protected]>

Sun, 18 Aug 2019 13:17:07 +0000 (15:17 +0200)
author Francois-Xavier Le Bail <[email protected]>
Sun, 18 Aug 2019 12:55:11 +0000 (14:55 +0200)
committer Francois-Xavier Le Bail <[email protected]>
Sun, 18 Aug 2019 13:17:07 +0000 (15:17 +0200)
diff --git a/print-ldp.c b/print-ldp.c

index 680a7e1e8fc135824dc746e4f367f0c7a83bc579..49379f0dac7e1a8ba56896b9f16edaff8f8a88f4 100644 (file)
--- a/print-ldp.c
+++ b/print-ldp.c
@@ -211,7 +211,7 @@ static const struct tok ldp_fec_martini_ifparm_vccv_cv_values[] = {
      { 0, NULL}
  };
  
-static int ldp_pdu_print(netdissect_options *, const u_char *);
+static u_int ldp_pdu_print(netdissect_options *, const u_char *);
  
  /*
   * ldp tlv header
@@ -547,19 +547,24 @@ void
  ldp_print(netdissect_options *ndo,
            const u_char *pptr, u_int len)
  {
-    int processed;
+    u_int processed;
  
      ndo->ndo_protocol = "ldp";
      while (len > (sizeof(struct ldp_common_header) + sizeof(struct ldp_msg_header))) {
          processed = ldp_pdu_print(ndo, pptr);
          if (processed == 0)
              return;
+        if (len < processed) {
+            ND_PRINT(" [remaining length %u < %u]", len, processed);
+            nd_print_invalid(ndo);
+            break;
+        }
          len -= processed;
          pptr += processed;
      }
  }
  
-static int
+static u_int
  ldp_pdu_print(netdissect_options *ndo,
                const u_char *pptr)
  {
author	Francois-Xavier Le Bail <[email protected]>
	Sun, 18 Aug 2019 12:55:11 +0000 (14:55 +0200)
committer	Francois-Xavier Le Bail <[email protected]>
	Sun, 18 Aug 2019 13:17:07 +0000 (15:17 +0200)