CVE-2017-5482/Q.933: add a missing bounds check

Brian Carpenter had found that regardless of CVE-2016-8575 q933_print() still could overread the buffer trying to parse a short packet. This change fixes the problem.
author: Denis Ovsienko <denis@ovsienko.info> 2017-01-12 10:09:34 +0000
committer: Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:41 +0100
commit: c39c1d99ac3b6d5d9519b39da6717180651650d3 (patch)
tree: 9a68359cfb9c57c3b8c7f28c76c82fc9178a26ab /print-fr.c
parent: 857ec6e800ec772f5a6b9f76268d189d70f000b6 (diff)
download: tcpdump-c39c1d99ac3b6d5d9519b39da6717180651650d3.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/print-fr.c b/print-fr.c
index f400ddcd..da7ee25f 100644
--- a/print-fr.c
+++ b/print-fr.c
@@ -906,6 +906,7 @@ q933_print(netdissect_options *ndo,
 	ND_PRINT((ndo, "%s, codeset %u", is_ansi ? "ANSI" : "CCITT", codeset));
 
 	if (call_ref_length != 0) {
+		ND_TCHECK(p[0]);
 		if (call_ref_length > 1 || p[0] != 0) {
 			/*
 			 * Not a dummy call reference.
author	Denis Ovsienko <denis@ovsienko.info>	2017-01-12 10:09:34 +0000
committer	Francois-Xavier Le Bail <fx.lebail@yahoo.com>	2017-01-18 09:16:41 +0100
commit	c39c1d99ac3b6d5d9519b39da6717180651650d3 (patch)
tree	9a68359cfb9c57c3b8c7f28c76c82fc9178a26ab /print-fr.c
parent	857ec6e800ec772f5a6b9f76268d189d70f000b6 (diff)
download	tcpdump-c39c1d99ac3b6d5d9519b39da6717180651650d3.tar.gz