From: guy Date: Fri, 6 May 2005 08:27:00 +0000 (+0000) Subject: Bounds-check the individual components of a SAP reply. X-Git-Tag: tcpdump-3.9.1~61 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/b78a4331417e5fdd8cb1535bf932307ab25badf8 Bounds-check the individual components of a SAP reply. Make "fn_printzp()" return 0 if we don't run past the end of the packet and we don't find any padding NULs. --- diff --git a/print-ipx.c b/print-ipx.c index 77fbcb67..598b6e40 100644 --- a/print-ipx.c +++ b/print-ipx.c @@ -24,7 +24,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-ipx.c,v 1.40.2.1 2005-05-06 07:57:18 guy Exp $"; + "@(#) $Header: /tcpdump/master/tcpdump/print-ipx.c,v 1.40.2.2 2005-05-06 08:27:00 guy Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -159,12 +159,13 @@ ipx_sap_print(const u_short *ipx, u_int length) (void)printf("ipx-sap-nearest-resp"); for (i = 0; i < 8 && length > 0; i++) { - TCHECK2(ipx[25], 10); + TCHECK(ipx[0]); (void)printf(" %s '", ipxsap_string(htons(EXTRACT_16BITS(&ipx[0])))); if (fn_printzp((u_char *)&ipx[1], 48, snapend)) { printf("'"); goto trunc; } + TCHECK2(ipx[25], 10); printf("' addr %s", ipxaddr_string(EXTRACT_32BITS(&ipx[25]), (u_char *)&ipx[27])); ipx += 32; diff --git a/util.c b/util.c index f6443051..2e6d7239 100644 --- a/util.c +++ b/util.c @@ -21,7 +21,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/util.c,v 1.95.2.3 2005-05-06 07:57:20 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/util.c,v 1.95.2.4 2005-05-06 08:27:00 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -135,7 +135,7 @@ fn_printzp(register const u_char *s, register u_int n, } putchar(c); } - return (n == 0) ? 0 : 1; + return (n == 0) ? 0 : ret; } /*