Use the length field in the UDP header.

If it's less than the length of the IP payload, use it as the size of
the UDP packet.  If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.

diff --git a/config.h.in b/config.h.in
index 9ee068be14feb92586bd60569219fa6d4329b51d..1361afb25f91562f34cf05382bc8c866ed05e2b4 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -261,6 +261,9 @@
 /* Define to the one symbol short name of this package. */
 #undef PACKAGE_TARNAME
 
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 

diff --git a/print-udp.c b/print-udp.c
index fb56be58aab688881f81004ebbb9d1b7bf08283b..cded2aefe706c9c70c3e514ab99dccec591d251e 100644 (file)
--- a/print-udp.c
+++ b/print-udp.c
@@ -378,7 +378,6 @@ udp_print(register const u_char *bp, u_int length,
        else
                ip6 = NULL;
 #endif /*INET6*/
-       cp = (u_char *)(up + 1);
        if (!TTEST(up->uh_dport)) {
                udpipaddr_print(ip, -1, -1);
                (void)printf("[|udp]");
@@ -393,20 +392,24 @@ udp_print(register const u_char *bp, u_int length,
                (void)printf("truncated-udp %d", length);
                return;
        }
-       length -= sizeof(struct udphdr);
-
-       if (cp > snapend) {
+       ulen = EXTRACT_16BITS(&up->uh_ulen);
+       if (ulen < sizeof(struct udphdr)) {
                udpipaddr_print(ip, sport, dport);
-               (void)printf("[|udp]");
+               printf("truncated-udplength %d", ulen);
                return;
        }
+       ulen -= sizeof(struct udphdr);
+       length -= sizeof(struct udphdr);
+       if (ulen < length)
+               length = ulen;
 
-       ulen = EXTRACT_16BITS(&up->uh_ulen);
-       if (ulen < 8) {
+       cp = (u_char *)(up + 1);
+       if (cp > snapend) {
                udpipaddr_print(ip, sport, dport);
-               (void)printf("truncated-udplength %d", ulen);
+               printf("[|udp]");
                return;
        }
+
        if (packettype) {
                register struct sunrpc_msg *rp;
                enum sunrpc_msg_type direction;
@@ -676,12 +679,23 @@ udp_print(register const u_char *bp, u_int length,
                        syslog_print((const u_char *)(up + 1), length);
                 else if (ISPORT(OTV_PORT))
                        otv_print((const u_char *)(up + 1), length);
-               else
-                       (void)printf("UDP, length %u",
-                           (u_int32_t)(ulen - sizeof(*up)));
+               else {
+                       if (ulen > length)
+                               printf("UDP, bad length %u > %u",
+                                   ulen, length);
+                       else
+                               printf("UDP, length %u",
+                                   (uint32_t)(ulen - sizeof(*up)));
+               }
 #undef ISPORT
-       } else
-               (void)printf("UDP, length %u", (u_int32_t)(ulen - sizeof(*up)));
+       } else {
+               if (ulen > length)
+                       printf("UDP, bad length %u > %u",
+                           ulen, length);
+               else
+                       printf("UDP, length %u",
+                           (uint32_t)(ulen - sizeof(*up)));
+       }
 }