From: hannes <hannes>
Date: Mon, 25 Apr 2005 09:09:11 +0000 (+0000)
Subject: bugfix: do not attempt to decode zero-length TLVs, only attempt to decode IS-REACH... 
X-Git-Tag: tcpdump-4.0.0~475
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/3ac9165c1ff8d15aac90fd872813bdeb3ad2cafe

bugfix: do not attempt to decode zero-length TLVs, only attempt to decode IS-REACH (varlength) TLVs if the TLV length indicates that there is at least a single byte on the wire
---

diff --git a/print-isoclns.c b/print-isoclns.c
index ca6ebc69..74ce023d 100644
--- a/print-isoclns.c
+++ b/print-isoclns.c
@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.134 2005-04-25 08:42:30 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.135 2005-04-25 09:09:11 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -1905,6 +1905,9 @@ static int isis_print (const u_int8_t *p, u_int length)
                tlv_type,
                tlv_len);
 
+        if (tlv_len == 0) /* something is malformed */
+            break;
+
         /* now check if we have a decoder otherwise do a hexdump at the end*/
 	switch (tlv_type) {
 	case ISIS_TLV_AREA_ADDR:
@@ -1935,7 +1938,7 @@ static int isis_print (const u_int8_t *p, u_int length)
 	    break;
 
         case ISIS_TLV_ISNEIGH_VARLEN:
-            if (!TTEST2(*tptr, 1))
+            if (!TTEST2(*tptr, 1) && tmp > 1)
 		goto trunctlv;
 	    lan_alen = *tptr++; /* LAN address length */
 	    if (lan_alen == 0) {