From: guy <guy>
Date: Wed, 20 Apr 2005 21:49:56 +0000 (+0000)
Subject: If the length is specified, check to make sure it doesn't go past the
X-Git-Tag: tcpdump-4.0.0~496
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/d2b1b6c7789fe9a717f6fae2fdc0c8fe1fc9b0a2

If the length is specified, check to make sure it doesn't go past the
end of the packet, and isn't shorter than the header length.

Control messages have to have lengths.
---

diff --git a/print-l2tp.c b/print-l2tp.c
index 29cb4e23..dfc65582 100644
--- a/print-l2tp.c
+++ b/print-l2tp.c
@@ -23,7 +23,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.18 2005-04-20 21:36:09 guy Exp $";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-l2tp.c,v 1.19 2005-04-20 21:49:56 guy Exp $";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -688,7 +688,22 @@ l2tp_print(const u_char *dat, u_int length)
 		cnt += (2 + pad);
 	}
 
+	if (flag_l) {
+		if (length < l2tp_len) {
+			printf(" Length %u larger than packet", l2tp_len);
+			return;
+		}
+		length = l2tp_len;
+	}
+	if (length < cnt) {
+		printf(" Length %u smaller than header length", length);
+		return;
+	}
 	if (flag_t) {
+		if (!flag_l) {
+			printf(" No length");
+			return;
+		}
 		if (length - cnt == 0) {
 			printf(" ZLB");
 		} else {