diff options
author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2021-05-11 12:21:28 +0200 |
---|---|---|
committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2021-05-17 14:58:48 +0200 |
commit | 507a5d9a7abde72f40a33f7c0a6f53c56fde7c5b (patch) | |
tree | 5fd6ef1e18ed6a4dbcb216b4547627748e36a343 /print-802_15_4.c | |
parent | 464b71445edbe620ccbc6e3f8cf43849cd7532b6 (diff) | |
download | tcpdump-507a5d9a7abde72f40a33f7c0a6f53c56fde7c5b.tar.gz |
IEEE 802.15.4: Add some bounds checks
This avoids to have cp (current pointer on packet data) > ndo->ndo_snapend
in hex_and_ascii_print(), via ndo_default_print(), via ND_DEFAULTPRINT(),
in some cases.
(cherry picked from commit 346ea98e51a8d50acbbe010f4b39b098d34caa2f)
Diffstat (limited to 'print-802_15_4.c')
-rw-r--r-- | print-802_15_4.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/print-802_15_4.c b/print-802_15_4.c index d3371641..3d307ffd 100644 --- a/print-802_15_4.c +++ b/print-802_15_4.c @@ -28,6 +28,7 @@ #include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "addrtoname.h" @@ -2138,6 +2139,7 @@ ieee802_15_4_std_frames(netdissect_options *ndo, if (len < 0) { break; } + ND_TCHECK_LEN(p, len); p += len; caplen -= len; } @@ -2331,6 +2333,7 @@ ieee802_15_4_mp_frame(netdissect_options *ndo, if (len < 0) { return 0; } + ND_TCHECK_LEN(p, len); p += len; caplen -= len; } else { |