From: Guy Harris <gharris@sonic.net>
Date: Thu, 21 Jul 2022 08:32:44 +0000 (-0700)
Subject: juniper: don't do bounds checking for fields in the cookie.
X-Git-Tag: tcpdump-4.99.2~46
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/76a6da3e5e646cacd6b97540536a926798f590a4?ds=sidebyside

juniper: don't do bounds checking for fields in the cookie.

l2info.cookie is not inside the packet - it's a copy of data from the
packet, with the copy doing the necessary bounds checking - so we
shouldn't use NT_TCHECK or GET macros on it.

(cherry picked from commit 707241029c536f763449d6592f15417c1b245aeb)
---

diff --git a/print-juniper.c b/print-juniper.c
index 12015907..f86ff91b 100644
--- a/print-juniper.c
+++ b/print-juniper.c
@@ -495,13 +495,13 @@ juniper_ggsn_if_print(netdissect_options *ndo,
         p+=l2info.header_len;
         gh = (struct juniper_ggsn_header *)&l2info.cookie;
 
-        ND_TCHECK_SIZE(gh);
-        proto = GET_U_1(gh->proto);
+        /* use EXTRACT_, not GET_ (not packet buffer pointer) */
+        proto = EXTRACT_U_1(gh->proto);
         if (ndo->ndo_eflag) {
             ND_PRINT("proto %s (%u), vlan %u: ",
                    tok2str(juniper_protocol_values,"Unknown",proto),
                    proto,
-                   GET_BE_U_2(gh->vlan_id));
+                   EXTRACT_BE_U_2(gh->vlan_id));
         }
 
         switch (proto) {