From: Guy Harris <guy@alum.mit.edu>
Date: Sat, 19 Apr 2014 00:43:09 +0000 (-0700)
Subject: Squelch a Coverity warning.
X-Git-Tag: tcpdump-4.6.0~75
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/20ecf8fafef38b838e60073f7ea35ee85ade5070?hp=6dd7f298c0fef93a15b543ac789cede31548e5e0

Squelch a Coverity warning.

Make the lsa_p_prefix field as large as the largest possible prefix, so
that Coverity doesn't complain about going past the end of an array.
---

diff --git a/print-ospf6.c b/print-ospf6.c
index 1a89bd68..fcc910bd 100644
--- a/print-ospf6.c
+++ b/print-ospf6.c
@@ -130,11 +130,14 @@ struct lsa6_hdr {
     u_int16_t ls_length;
 };
 
+/* Length of an IPv6 address, in bytes. */
+#define IPV6_ADDR_LEN_BYTES (128/8)
+
 struct lsa6_prefix {
     u_int8_t lsa_p_len;
     u_int8_t lsa_p_opt;
     u_int16_t lsa_p_metric;
-    u_int8_t lsa_p_prefix[4];
+    u_int8_t lsa_p_prefix[IPV6_ADDR_LEN_BYTES]; /* maximum length */
 };
 
 /* link state advertisement */
@@ -416,10 +419,10 @@ ospf6_print_lsaprefix(netdissect_options *ndo,
 	u_int wordlen;
 	struct in6_addr prefix;
 
-	if (lsa_length < sizeof (*lsapp) - 4)
+	if (lsa_length < sizeof (*lsapp) - IPV6_ADDR_LEN_BYTES)
 		goto trunc;
-	lsa_length -= sizeof (*lsapp) - 4;
-	ND_TCHECK2(*lsapp, sizeof (*lsapp) - 4);
+	lsa_length -= sizeof (*lsapp) - IPV6_ADDR_LEN_BYTES;
+	ND_TCHECK2(*lsapp, sizeof (*lsapp) - IPV6_ADDR_LEN_BYTES);
 	wordlen = (lsapp->lsa_p_len + 31) / 32;
 	if (wordlen * 4 > sizeof(struct in6_addr)) {
 		ND_PRINT((ndo, " bogus prefixlen /%d", lsapp->lsa_p_len));
@@ -439,7 +442,7 @@ ospf6_print_lsaprefix(netdissect_options *ndo,
                               "none", lsapp->lsa_p_opt)));
         }
         ND_PRINT((ndo, ", metric %u", EXTRACT_16BITS(&lsapp->lsa_p_metric)));
-	return sizeof(*lsapp) - 4 + wordlen * 4;
+	return sizeof(*lsapp) - IPV6_ADDR_LEN_BYTES + wordlen * 4;
 
 trunc:
 	return -1;