From: hannes Date: Wed, 27 Apr 2005 18:42:28 +0000 (+0000) Subject: infinite loop protection for ldp and bgp X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/2f4b6f3e9f73d19e52b93c0d2a9d11063ddd0788 infinite loop protection for ldp and bgp --- diff --git a/print-bgp.c b/print-bgp.c index 669086b7..08908019 100644 --- a/print-bgp.c +++ b/print-bgp.c @@ -36,7 +36,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.72.2.4 2004-03-24 00:04:04 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-bgp.c,v 1.72.2.5 2005-04-27 18:42:28 hannes Exp $"; #endif #include @@ -1216,6 +1216,8 @@ bgp_attr_print(const struct bgp_attr *attr, const u_char *pptr, int len) tptr = pptr + len; break; } + if (advance < 0) /* infinite loop protection */ + break; tptr += advance; } break; diff --git a/print-ldp.c b/print-ldp.c index c8e80e9c..909aecc4 100644 --- a/print-ldp.c +++ b/print-ldp.c @@ -15,7 +15,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-ldp.c,v 1.4.2.2 2003-11-16 08:51:31 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ldp.c,v 1.4.2.3 2005-04-27 18:42:29 hannes Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -326,6 +326,9 @@ ldp_print(register const u_char *pptr, register u_int len) { EXTRACT_32BITS(&ldp_msg_header->id), LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore"); + if (msg_len == 0) /* infinite loop protection */ + break; + msg_tptr=tptr+sizeof(struct ldp_msg_header); msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */