From: guy Date: Wed, 25 May 2005 22:00:00 +0000 (+0000) Subject: Add some more length checking. X-Git-Tag: tcpdump-3.9.1~36 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/5e7b5c254f90de4eb04c01b19d2ad122797b49c3 Add some more length checking. --- diff --git a/print-isoclns.c b/print-isoclns.c index 15ed13e4..b6507a11 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.6 2005-05-25 07:24:32 hannes Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.133.2.7 2005-05-25 22:00:00 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -825,13 +825,19 @@ static int clnp_print (const u_int8_t *pptr, u_int length) nsap_offset=*(tptr+1)-1; /* offset to nsap list */ tptr+=nsap_offset; tlen-=nsap_offset; - while (tlen > 2) { + while (tlen > 0) { source_address_length=*tptr; - source_address=(tptr+1); - TCHECK2(*source_address, source_address_length); - printf("\n\t NSAP address (length %u): %s", - source_address_length, - isonsap_string(source_address, source_address_length)); + if (tlen < source_address_length+1) { + printf("\n\t NSAP address goes past end of option"); + break; + } + if (source_address_length > 0) { + source_address=(tptr+1); + TCHECK2(*source_address, source_address_length); + printf("\n\t NSAP address (length %u): %s", + source_address_length, + isonsap_string(source_address, source_address_length)); + } tlen-=source_address_length+1; } break;