author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2021-11-06 16:58:42 +0100 |
---|---|---|
committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2021-11-29 14:11:12 +0100 |
commit | ddf590c14278769bb2e1a7b7a87ce98ae23bc549 (patch) | |
tree | 2979533bf1d5f924807c9fb626d5d3dc2111249e /print-ipx.c | |
parent | 69c0a4b0cc491748c919c0940b2f5b02f53f4354 (diff) | |
download | tcpdump-ddf590c14278769bb2e1a7b7a87ce98ae23bc549.tar.gz |
IPX: Add two length checks
This change fixes some undefined behaviors at runtime.
The errors were like:
print-ipx.c:160:12: runtime error: unsigned integer overflow:
1 - 2 cannot be represented in type 'unsigned int'
print-ipx.c:233:12: runtime error: unsigned integer overflow:
1 - 2 cannot be represented in type 'unsigned int'
Diffstat (limited to 'print-ipx.c')
-rw-r--r-- | print-ipx.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/print-ipx.c b/print-ipx.c
index c16a8673..f8c0ce7c 100644
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -156,6 +156,7 @@ ipx_sap_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2;
@@ -229,6 +230,7 @@ ipx_rip_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2; |
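Review bot: In both hunks (ipx_sap_print here and ipx_rip_print in the second) the new `ND_LCHECK_U(length, 2);` sits after `command = GET_BE_U_2(ipx);`, so the two command bytes are fetched before the declared length is known to cover them. GET_BE_U_2 performs its own bounds check against the captured data, so this does not look like an out-of-bounds read, but when length is below 2 the fetch takes bytes that lie outside the payload the caller declared. Moving the guard up one line gives validate-then-read ordering: `ND_LCHECK_U(length, 2);` followed by `command = GET_BE_U_2(ipx);`. The macro relies on an `invalid` label in each function; both bodies continue outside the hunks, so that label and the later `length` subtractions cannot be checked from here.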