Add some bounds checks for the source routing information.

author Guy Harris <[email protected]>

Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)

committer Guy Harris <[email protected]>

Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)
author Guy Harris <[email protected]>
Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)
committer Guy Harris <[email protected]>
Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)
diff --git a/print-token.c b/print-token.c

index 6a1b95da00d14b3ad85105471cf556599832785a..4f8422b5ab1b096c0e9a4cc4eee5813936c590c3 100644 (file)
--- a/print-token.c
+++ b/print-token.c
@@ -127,7 +127,16 @@ token_print(const u_char *p, u_int length, u_int caplen)
                 if (eflag)
                         token_hdr_print(trp, length, ESRC(&ehdr), EDST(&ehdr));
  
+               if (caplen < TOKEN_HDRLEN + 2) {
+                       printf("[|token-ring]");
+                       return hdr_len;
+               }
                 route_len = RIF_LENGTH(trp);
+               hdr_len += route_len;
+               if (caplen < hdr_len) {
+                       printf("[|token-ring]");
+                       return hdr_len;
+               }
                 if (vflag) {
                         printf("%s ", broadcast_indicator[BROADCAST(trp)]);
                         printf("%s", direction[DIRECTION(trp)]);
@@ -148,7 +157,6 @@ token_print(const u_char *p, u_int length, u_int caplen)
         }
  
         /* Skip over token ring MAC header and routing information */
-       hdr_len += route_len;
         length -= hdr_len;
         p += hdr_len;
         caplen -= hdr_len;
author	Guy Harris <[email protected]>
	Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)
committer	Guy Harris <[email protected]>
	Sun, 21 Feb 2010 19:29:46 +0000 (11:29 -0800)