From: Francois-Xavier Le Bail
Date: Sat, 6 Nov 2021 15:58:42 +0000 (+0100)
Subject: IPX: Add two length checks
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/ddf590c14278769bb2e1a7b7a87ce98ae23bc549
IPX: Add two length checks This change fixes some undefined behaviors at runtime. The errors were like: print-ipx.c:160:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int' print-ipx.c:233:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
---
diff --git a/print-ipx.c b/print-ipx.c
index c16a8673..f8c0ce7c 100644
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -156,6 +156,7 @@ ipx_sap_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2;
@@ -229,6 +230,7 @@ ipx_rip_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2;
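Review bot: The added `ND_LCHECK_U(length, 2);` in ipx_sap_print sits after `command = GET_BE_U_2(ipx);`, so when the declared length is 0 or 1 the command field is still fetched from bytes outside the declared IPX payload before the packet is rejected; the ipx_rip_print hunk has the same order. Putting the check first, `ND_LCHECK_U(length, 2);` then `command = GET_BE_U_2(ipx);`, keeps the read within the declared length; the GET_ macro presumably still bounds-checks against the captured data, so this concerns dissection correctness rather than an out-of-bounds read. A short comment such as `/* length is unsigned: reject < 2 before the subtraction below can wrap */` would record why the check is there. Both function bodies continue outside the hunks, so any later subtractions from `length` and the label the macro jumps to cannot be reviewed from here.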