From: Guy Harris Date: Sun, 5 Jul 2015 00:33:54 +0000 (-0700) Subject: Fix previous bounds checks. X-Git-Tag: tcpdump-4.9.0-bp~84 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/bf7c00815ba0171a4735fcecc2cc5a3d9a467ace Fix previous bounds checks. An XID could have no payload, e.g. an SNA "short form" XID. If it *does* have a payload, and it's a "basic form" XID, it needs to be at least 3 bytes long, not 2 bytes long.
---
diff --git a/print-llc.c b/print-llc.c
index 7f316c2e..6bdf5998 100644
--- a/print-llc.c
+++ b/print-llc.c
@@ -358,14 +358,27 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
 length + hdrlen));
 if ((control & ~LLC_U_POLL) == LLC_XID) {
- if (caplen < 2 || length < 2) {
+ if (length == 0) {
+ /*
+ * XID with no payload.
+ * This could, for example, be an SNA
+ * "short form" XID.
+ */
+ return (hdrlen);
+ }
+ if (caplen < 1) {
 ND_PRINT((ndo, "[|llc]"));
 if (caplen > 0)
 ND_DEFAULTPRINT((const u_char *)p, caplen);
 return (hdrlen);
 }
 if (*p == LLC_XID_FI) {
- ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
+ if (caplen < 3 || length < 3) {
+ ND_PRINT((ndo, "[|llc]"));
+ if (caplen > 0)
+ ND_DEFAULTPRINT((const u_char *)p, caplen);
+ } else
+ ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
 return (hdrlen);
 }
 }
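Review bot: In the `if (caplen < 1)` branch the nested `if (caplen > 0)` can no longer be true, because `caplen` is a `u_int` in the signature shown in the hunk header, so the `ND_DEFAULTPRINT` call under it is dead code left over from the old `caplen < 2` test; the branch can shrink to `ND_PRINT((ndo, "[|llc]")); return (hdrlen);`. The new `caplen < 3 || length < 3` test does guard the `p[1]`/`p[2]` reads, but a frame whose on-wire `length` is under 3 is reported with the same `[|llc]` marker that, by tcpdump convention, signals a capture cut short by the snapshot length, so a malformed basic-form XID is indistinguishable from truncation in the output; a separate message for the `length < 3` case would keep the two apart for anyone triaging odd traffic. The braced `if` paired with an unbraced `else` would also read more safely with braces on both arms. llc_print's body starts and ends outside the hunk, so what happens to a non-`LLC_XID_FI` payload after this block cannot be judged from here.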