author | Guy Harris <guy@alum.mit.edu> | 2015-07-03 17:45:06 -0700 |
---|---|---|
committer | Francois-Xavier Le Bail <fx.lebail@yahoo.com> | 2017-01-18 09:16:36 +0100 |
commit | b56aab38621915a192be3fab9334207a12b1cb9a (patch) | |
tree | 2ceb6913c7ea65d943026bbf8d3ee364382cc106 /print-atalk.c | |
parent | cb696b8e91d9860dd30ec3b7dcb16424cd6e18ac (diff) | |
CVE-2016-7973/Add bounds and length checks.
Fixes heap overflows found with American Fuzzy Lop by Hanno Böck.
Diffstat (limited to 'print-atalk.c')
-rw-r--r-- | print-atalk.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/print-atalk.c b/print-atalk.c
index 8460a4fd..a5ce58a4 100644
--- a/print-atalk.c
+++ b/print-atalk.c
@@ -216,6 +216,15 @@ aarp_print(netdissect_options *ndo,
 ND_PRINT((ndo, "aarp "));
 ap = (const struct aarp *)bp;
+ if (!ND_TTEST(*ap)) {
+ /* Just bail if we don't have the whole chunk. */
+ ND_PRINT((ndo, " [|aarp]"));
+ return;
+ }
+ if (length < sizeof(*ap)) {
+ ND_PRINT((ndo, " [|aarp %u]", length));
+ return;
+ }
 if (EXTRACT_16BITS(&ap->htype) == 1 && EXTRACT_16BITS(&ap->ptype) == ETHERTYPE_ATALK && ap->halen == 6 && ap->palen == 4 ) |
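Review bot: In aarp_print the `length < sizeof(*ap)` branch comes after the `ND_TTEST(*ap)` check and reuses the truncation marker, so a frame that is too short on the wire will, in most captures, presumably be reported as `[|aarp]` and look the same as a snaplen cut. Both guards stop the out-of-bounds read before the `EXTRACT_16BITS(&ap->htype)` line, so this is only about what an analyst sees when triaging malformed AARP traffic. Consider testing the on-wire length first and giving it its own wording, e.g. `ND_PRINT((ndo, " (invalid length %u)", length));` (message text constructed here), and widening the comment to `/* Captured bytes do not cover the whole AARP header; nothing below is safe to read. */`. The function body starts and ends outside the hunk, so whether later code reads beyond `sizeof(*ap)` cannot be checked from here.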