From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Mon, 12 Feb 2018 10:34:28 +0000 (+0100)
Subject: NULL/LOOP: Add a bounds check
X-Git-Tag: tcpdump-4.99-bp~1276
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/09e85c97c83e87fd5cb0510b351b9d3fe328de78

NULL/LOOP: Add a bounds check

Moreover:
Use uint32_t type for family (32-bit integer).
Add and use tstr[].
---

diff --git a/print-null.c b/print-null.c
index 874521e2..f1067ff5 100644
--- a/print-null.c
+++ b/print-null.c
@@ -30,8 +30,11 @@
 #include <string.h>
 
 #include "netdissect.h"
+#include "extract.h"
 #include "af.h"
 
+static const char tstr[] = " [|null]";
+
 /*
  * The DLT_NULL packet header is 4 bytes long. It contains a host-byte-order
  * 32-bit integer that specifies the family, e.g. AF_INET.
@@ -77,13 +80,12 @@ null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
 {
 	u_int length = h->len;
 	u_int caplen = h->caplen;
-	u_int family;
+	uint32_t family;
 
-	if (caplen < NULL_HDRLEN) {
-		ND_PRINT("[|null]");
-		return (NULL_HDRLEN);
-	}
+	if (caplen < NULL_HDRLEN)
+		goto trunc;
 
+	ND_TCHECK_4(p);
 	memcpy((char *)&family, (const char *)p, sizeof(family));
 
 	/*
@@ -136,6 +138,9 @@ null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
 			ND_DEFAULTPRINT(p, caplen);
 	}
 
+	return (NULL_HDRLEN);
+trunc:
+	ND_PRINT("%s", tstr);
 	return (NULL_HDRLEN);
 }