authorGuy Harris <guy@alum.mit.edu>2015-07-03 17:45:06 -0700
committerFrancois-Xavier Le Bail <fx.lebail@yahoo.com>2017-01-18 09:16:36 +0100
commitb56aab38621915a192be3fab9334207a12b1cb9a (patch)
tree2ceb6913c7ea65d943026bbf8d3ee364382cc106 /print-atalk.c
parentcb696b8e91d9860dd30ec3b7dcb16424cd6e18ac (diff)
CVE-2016-7973/Add bounds and length checks.
Fixes heap overflows found with American Fuzzy Lop by Hanno Böck.
Diffstat (limited to 'print-atalk.c')
-rw-r--r--print-atalk.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/print-atalk.c b/print-atalk.c
index 8460a4fd..a5ce58a4 100644
--- a/print-atalk.c
+++ b/print-atalk.c
@@ -216,6 +216,15 @@ aarp_print(netdissect_options *ndo,
ND_PRINT((ndo, "aarp "));
ap = (const struct aarp *)bp;
+ if (!ND_TTEST(*ap)) {
+ /* Just bail if we don't have the whole chunk. */
+ ND_PRINT((ndo, " [|aarp]"));
+ return;
+ }
+ if (length < sizeof(*ap)) {
+ ND_PRINT((ndo, " [|aarp %u]", length));
+ return;
+ }
if (EXTRACT_16BITS(&ap->htype) == 1 &&
EXTRACT_16BITS(&ap->ptype) == ETHERTYPE_ATALK &&
ap->halen == 6 && ap->palen == 4 )
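Review bot: The second guard, `if (length < sizeof(*ap))`, has no comment, and it is not the same condition as the one above it: ND_TTEST(*ap) checks that the captured bytes cover the whole struct, while this one compares against the length handed in by the caller. I would add `/* Declared length is too short for an AARP header; don't decode it. */` above it so the two checks are not later merged or dropped as redundant. Both early-return strings also begin with a space although the `"aarp "` printed just before already ends with one, so the output gets a doubled space; `"[|aarp]"` and `"[|aarp %u]"` would avoid that. The `%u` presumably matches the type of the `length` parameter, which is declared outside the hunk, as are the start and end of aarp_print.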