From: Francois-Xavier Le Bail Date: Thu, 8 Feb 2018 13:06:28 +0000 (+0100) Subject: Bluetooth: Add some bounds and length checks X-Git-Tag: tcpdump-4.99-bp~1278 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/9d7fa2e15a2a4a13b00b69341471bfab1ba2fa4c?hp=68707bd200fc99f2454ad89ace0d8ba1700b1732 Bluetooth: Add some bounds and length checks Moreover: Add and use tstr[]. Fix indent.
---
diff --git a/print-bt.c b/print-bt.c
index daf736ce..40b7f971 100644
--- a/print-bt.c
+++ b/print-bt.c
@@ -28,6 +28,8 @@
 #include "netdissect.h"
 #include "extract.h"
 
+static const char tstr[] = " [|bt]";
+
 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
 #include 
 
@@ -45,19 +47,21 @@ bt_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *
 	u_int caplen = h->caplen;
 	const pcap_bluetooth_h4_header* hdr = (const pcap_bluetooth_h4_header*)p;
 
-	if (caplen < BT_HDRLEN) {
-		ND_PRINT("[|bt]");
-		return (BT_HDRLEN);
-	}
+	if (caplen < BT_HDRLEN || length < BT_HDRLEN)
+		goto trunc;
 	caplen -= BT_HDRLEN;
 	length -= BT_HDRLEN;
 	p += BT_HDRLEN;
 
+	ND_TCHECK_4(&hdr->direction);
 	if (ndo->ndo_eflag)
-		ND_PRINT("hci length %u, direction %s, ", length, (EXTRACT_BE_U_4(&hdr->direction)&0x1)?"in":"out");
+		ND_PRINT("hci length %u, direction %s, ", length,
+			 (EXTRACT_BE_U_4(&hdr->direction)&0x1) ? "in" : "out");
 
 	if (!ndo->ndo_suppress_default_print)
 		ND_DEFAULTPRINT(p, caplen);
+trunc:
+	ND_PRINT("%s", tstr);
 	return (BT_HDRLEN);
 }
 #endif
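Review bot: The success path falls through into the new `trunc:` label in the second hunk — after `ND_DEFAULTPRINT(p, caplen);` there is no return, so every fully-captured packet is also printed with the `" [|bt]"` truncation suffix, and the output no longer distinguishes a short capture from a complete one. Insert `return (BT_HDRLEN);` immediately before `trunc:` so that only the `caplen`/`length` guard and (presumably, via the macro) `ND_TCHECK_4` reach `ND_PRINT("%s", tstr);`. The function's signature and the initialisation of `length` lie above this hunk, outside the view, so whether `length` is `h->len` cannot be confirmed here; the added `length < BT_HDRLEN` check only makes sense if it is.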