L2TP: Add a bounds check

author Francois-Xavier Le Bail <[email protected]>

Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)

committer Francois-Xavier Le Bail <[email protected]>

Mon, 12 Apr 2021 19:48:56 +0000 (21:48 +0200)
author Francois-Xavier Le Bail <[email protected]>
Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)
committer Francois-Xavier Le Bail <[email protected]>
Mon, 12 Apr 2021 19:48:56 +0000 (21:48 +0200)
diff --git a/print-l2tp.c b/print-l2tp.c

index 8377d3a796329ad3e517b44bc3474f7960613877..940aa2b662f24715756a11180f7398f3db702a80 100644 (file)
--- a/print-l2tp.c
+++ b/print-l2tp.c
@@ -806,6 +806,8 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
  
         if (flag_o) {   /* Offset Size */
                 pad =  GET_BE_U_2(ptr);
+               /* Offset padding octets in packet buffer? */
+               ND_TCHECK_LEN(ptr + 2, pad);
                 ptr += (2 + pad);
                 cnt += (2 + pad);
         }
@@ -851,4 +853,7 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
                 ppp_print(ndo, ptr, length - cnt);
                 ND_PRINT("}");
         }
+       return;
+trunc:
+       nd_print_trunc(ndo);
  }
author	Francois-Xavier Le Bail <[email protected]>
	Sun, 14 Feb 2021 10:35:40 +0000 (11:35 +0100)
committer	Francois-Xavier Le Bail <[email protected]>
	Mon, 12 Apr 2021 19:48:56 +0000 (21:48 +0200)