From: guy
Date: Mon, 5 Sep 2005 18:20:15 +0000 (+0000)
Subject: But the PDU length checks back, so "tmp" doesn't go negative.
X-Git-Tag: tcpdump-4.0.0~335
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/1c47cfa81ac565efc7831fc9584fafa1fc8c8a1e
But the PDU length checks back, so "tmp" doesn't go negative.
At least as I read RFC 3847, you won't get a system ID without the remaining hold time field; after printing the flags field, check whether there's anything else after the flag field and, if not, quit, otherwise print the remaining hold time field and, if present, the system ID field.
---
diff --git a/print-isoclns.c b/print-isoclns.c
index d52c6553..2f66d40c 100644
--- a/print-isoclns.c
+++ b/print-isoclns.c
@@ -26,7 +26,7 @@
 #ifndef lint
 static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.150 2005-09-05 11:12:33 hannes Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.151 2005-09-05 18:20:15 guy Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
@@ -2493,22 +2493,27 @@ static int isis_print (const u_int8_t *p, u_int length)
 case ISIS_TLV_RESTART_SIGNALING:
 /* first attempt to decode the flags */
+ if (tmp < ISIS_TLV_RESTART_SIGNALING_FLAGLEN)
+ break;
 if (!TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_FLAGLEN))
 goto trunctlv;
 printf("\n\t Flags [%s]", bittok2str(isis_restart_flag_values, "none", *tptr));
- tptr+=1;
- tmp-=1;
+ tptr+=ISIS_TLV_RESTART_SIGNALING_FLAGLEN;
+ tmp-=ISIS_TLV_RESTART_SIGNALING_FLAGLEN;
- /* is there an additional remaining holdtime */
- if (tmp >= ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN) {
- if (!TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN))
- goto trunctlv;
+ /* is there anything other than the flags field? */
+ if (tmp == 0)
+ break;
- printf(", Remaining holding time %us", EXTRACT_16BITS(tptr+1));
- tptr+=2;
- tmp-=2;
- }
+ if (tmp < ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)
+ break;
+ if (!TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN))
+ goto trunctlv;
+
+ printf(", Remaining holding time %us", EXTRACT_16BITS(tptr+1));
+ tptr+=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN;
+ tmp-=ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN;
 /* is there an additional sysid field present ?*/
 if (tmp == SYSTEM_ID_LEN) {
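Review bot: The hold-time read is still `EXTRACT_16BITS(tptr+1)` although `tptr` has already been advanced past the flags field, so it reads from one byte beyond the start of the field that the new `tmp` check and `TTEST2(*tptr, ISIS_TLV_RESTART_SIGNALING_HOLDTIMELEN)` validate. Assuming the hold-time length is 2 (the removed `tptr+=2` suggests so), the printed value is taken from the wrong offset and its second byte lies outside the bounds-checked range, which on a packet that ends right after the hold time is a one-byte over-read of the capture buffer. The line should be `printf(", Remaining holding time %us", EXTRACT_16BITS(tptr));`. Separately, the two new `break`s on a too-short TLV exit silently; a short comment such as `/* malformed TLV: too short for the field, stop decoding */` would make that intent clear. isis_print's body starts and ends outside the hunk.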