From: guy Date: Wed, 24 Mar 2004 01:45:26 +0000 (+0000) Subject: Add length checks. X-Git-Tag: tcpdump-3.8.2~16 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/ba80bd184e5d74baeaf139a9d7d02dec8e370668 Add length checks. --- diff --git a/print-isoclns.c b/print-isoclns.c index 96439d3e..2b6166d1 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -26,7 +26,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.106.2.4 2003-12-15 04:18:09 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.106.2.5 2004-03-24 01:45:26 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -869,60 +869,72 @@ isis_print_is_reach_subtlv (const u_int8_t *tptr,int subt,int subl,const char *i case SUBTLV_EXT_IS_REACH_ADMIN_GROUP: case SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID: case SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: - printf(", 0x%08x", EXTRACT_32BITS(tptr)); - if (subl == 8) /* draft-ietf-isis-gmpls-extensions */ - printf(", 0x%08x", EXTRACT_32BITS(tptr+4)); + if (subl >= 4) { + printf(", 0x%08x", EXTRACT_32BITS(tptr)); + if (subl == 8) /* draft-ietf-isis-gmpls-extensions */ + printf(", 0x%08x", EXTRACT_32BITS(tptr+4)); + } break; case SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: case SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: - printf(", %s", ipaddr_string(tptr)); + if (subl >= 4) + printf(", %s", ipaddr_string(tptr)); break; case SUBTLV_EXT_IS_REACH_MAX_LINK_BW : case SUBTLV_EXT_IS_REACH_RESERVABLE_BW: - bw.i = EXTRACT_32BITS(tptr); - printf(", %.3f Mbps", bw.f*8/1000000 ); + if (subl >= 4) { + bw.i = EXTRACT_32BITS(tptr); + printf(", %.3f Mbps", bw.f*8/1000000 ); + } break; case SUBTLV_EXT_IS_REACH_UNRESERVED_BW : - for (priority_level = 0; priority_level < 8; priority_level++) { + if (subl >= 32) { + for (priority_level = 0; priority_level < 8; priority_level++) { bw.i = EXTRACT_32BITS(tptr); printf("%s priority level %d: %.3f Mbps", ident, priority_level, bw.f*8/1000000 ); tptr+=4; + } } break; case SUBTLV_EXT_IS_REACH_TE_METRIC: - printf(", %u", EXTRACT_24BITS(tptr)); + if (subl >= 3) + printf(", %u", EXTRACT_24BITS(tptr)); break; case SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: - printf(", %s, Priority %u", + if (subl >= 2) { + printf(", %s, Priority %u", bittok2str(gmpls_link_prot_values, "none", *tptr), *(tptr+1)); + } break; case SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: - printf("%s Interface Switching Capability:%s", + if (subl >= 36) { + printf("%s Interface Switching Capability:%s", ident, tok2str(gmpls_switch_cap_values, "Unknown", *(tptr))); - printf(", LSP Encoding: %s", + printf(", LSP Encoding: %s", tok2str(gmpls_encoding_values, "Unknown", *(tptr+1))); - tptr+=4; - printf("%s Max LSP Bandwidth:",ident); - for (priority_level = 0; priority_level < 8; priority_level++) { + tptr+=4; + printf("%s Max LSP Bandwidth:",ident); + for (priority_level = 0; priority_level < 8; priority_level++) { bw.i = EXTRACT_32BITS(tptr); printf("%s priority level %d: %.3f Mbps", ident, priority_level, bw.f*8/1000000 ); tptr+=4; - } - subl-=36; - /* there is some optional stuff left to decode but this is as of yet - not specified so just lets hexdump what is left */ - if(subl>0){ + } + subl-=36; + /* there is some optional stuff left to decode but this is as of yet + not specified so just lets hexdump what is left */ + if(subl>0){ if(!print_unknown_data(tptr,"\n\t\t ", subl-36)) return(0); + } } break; default: