From: hannes Date: Tue, 3 May 2005 08:21:09 +0000 (+0000) Subject: add boundary, infinite loop checks X-Git-Tag: tcpdump-4.0.0~441 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/1ee09c1510704191a14df4eb914dba3d5dc9ab58 add boundary, infinite loop checks --- diff --git a/print-ldp.c b/print-ldp.c index 5fc1f72b..f7437440 100644 --- a/print-ldp.c +++ b/print-ldp.c @@ -16,7 +16,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-ldp.c,v 1.12 2005-04-27 19:16:21 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ldp.c,v 1.13 2005-05-03 08:21:09 hannes Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -352,14 +352,23 @@ ldp_tlv_print(register const u_char *tptr) { case LDP_FEC_HOSTADDRESS: break; case LDP_FEC_MARTINI_VC: + if (!TTEST2(*tptr, 11)) + goto trunc; vc_info_len = *(tptr+2); + printf(": %s, %scontrol word, group-ID %u, VC-ID %u, VC-info-length: %u", tok2str(l2vpn_encaps_values, "Unknown", EXTRACT_16BITS(tptr)&0x7fff), EXTRACT_16BITS(tptr)&0x8000 ? "" : "no ", EXTRACT_32BITS(tptr+3), EXTRACT_32BITS(tptr+7), vc_info_len); + + if (vc_info_len == 0) /* infinite loop protection */ + break; + tptr+=11; + if (!TTEST2(*tptr, vc_info_len)) + goto trunc; while (vc_info_len > 2) { vc_info_tlv_type = *tptr; @@ -463,6 +472,10 @@ ldp_tlv_print(register const u_char *tptr) { break; } return(tlv_len+4); /* Type & Length fields not included */ + +trunc: + printf("\n\t\t packet exceeded snapshot"); + return 0; } void