From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 6 Feb 2022 08:59:58 +0000 (+0100)
Subject: ICMPv6: Add a length check in the rpl_dio_print() function
X-Git-Tag: tcpdump-4.99.2~75
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/b9a9e4b5fa0454b77cacf7eb78112c1c7eafbcbc

ICMPv6: Add a length check in the rpl_dio_print() function

(backported from commit 23b99286ca05088ab94074100c96771bed0865e0)
---

diff --git a/print-icmp6.c b/print-icmp6.c
index 63c202c4..0ba65690 100644
--- a/print-icmp6.c
+++ b/print-icmp6.c
@@ -851,6 +851,7 @@ rpl_dio_print(netdissect_options *ndo,
 {
         const struct nd_rpl_dio *dio = (const struct nd_rpl_dio *)bp;
 
+        ND_LCHECK_ZU(length, sizeof(struct nd_rpl_dio));
         ND_PRINT(" [dagid:%s,seq:%u,instance:%u,rank:%u,%smop:%s,prf:%u]",
                   GET_IP6ADDR_STRING(dio->rpl_dagid),
                   GET_U_1(dio->rpl_dtsn),
@@ -865,6 +866,9 @@ rpl_dio_print(netdissect_options *ndo,
                 rpl_printopts(ndo, bp + sizeof(struct nd_rpl_dio),
                               length - sizeof(struct nd_rpl_dio));
         }
+        return;
+invalid:
+        nd_print_invalid(ndo);
 }
 
 static void