From: fenner
Date: Tue, 25 Jan 2000 01:03:23 +0000 (+0000)
Subject: Don't try to print packets with a too-short hlen.
X-Git-Tag: tcpdump-3.5.1~379
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/9fc0b5391fb2824c33ef749ceff27f0a9c979ef6

Don't try to print packets with a too-short hlen.
Pointed out on BUGTRAQ on 16 Jun 1999 (reported as infinite loop on Linux and core dump on all other OS's)
---
diff --git a/print-ip.c b/print-ip.c
index 2ae036af..1effe0d6 100644
--- a/print-ip.c
+++ b/print-ip.c
@@ -21,7 +21,7 @@
 #ifndef lint
 static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.79 1999-12-22 06:27:21 itojun Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.80 2000-01-25 01:03:23 fenner Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
@@ -443,6 +443,10 @@ ip_print(register const u_char *bp, register u_int length)
 return;
 }
 hlen = ip->ip_hl * 4;
+ if (hlen < sizeof (struct ip)) {
+ (void)printf("bad-hlen %d", hlen);
+ return;
+ }
 len = ntohs(ip->ip_len);
 if (length < len)
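Review bot: The new guard in ip_print bounds `hlen` only from below; nothing in this hunk compares it with the datagram length read on the next line, so a header that claims more bytes than `len` or the captured `length` still passes, and any later option parsing or `len - hlen` arithmetic (outside the hunk, so inferred) would work on an inconsistent size. After `len = ntohs(ip->ip_len);` I would add `if (len < hlen) { (void)printf("bad-len %u", len); return; }`. The declaration of `hlen` is not visible here; if it is unsigned, as the comparison with `sizeof` suggests, the message should use `%u` rather than `%d`. A short comment above the check, `/* ip_hl counts 32-bit words; fewer than 5 cannot hold the fixed header */`, would record why the bound exists; ip_print begins and ends outside this hunk.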