IPX: Add two length checks

This change fixes some undefined behaviors at runtime. The errors were like: print-ipx.c:160:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int' print-ipx.c:233:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
author: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2021-11-06 16:58:42 +0100
committer: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2021-11-29 14:11:12 +0100
commit: ddf590c14278769bb2e1a7b7a87ce98ae23bc549 (patch)
tree: 2979533bf1d5f924807c9fb626d5d3dc2111249e /print-ipx.c
parent: 69c0a4b0cc491748c919c0940b2f5b02f53f4354 (diff)
download: tcpdump-ddf590c14278769bb2e1a7b7a87ce98ae23bc549.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/print-ipx.c b/print-ipx.c
index c16a8673..f8c0ce7c 100644
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -156,6 +156,7 @@ ipx_sap_print(netdissect_options *ndo, const u_char *ipx, u_int length)
     int command, i;
 
     command = GET_BE_U_2(ipx);
+    ND_LCHECK_U(length, 2);
     ipx += 2;
     length -= 2;
 
@@ -229,6 +230,7 @@ ipx_rip_print(netdissect_options *ndo, const u_char *ipx, u_int length)
     int command, i;
 
     command = GET_BE_U_2(ipx);
+    ND_LCHECK_U(length, 2);
     ipx += 2;
     length -= 2;
author	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2021-11-06 16:58:42 +0100
committer	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2021-11-29 14:11:12 +0100
commit	ddf590c14278769bb2e1a7b7a87ce98ae23bc549 (patch)
tree	2979533bf1d5f924807c9fb626d5d3dc2111249e /print-ipx.c
parent	69c0a4b0cc491748c919c0940b2f5b02f53f4354 (diff)
download	tcpdump-ddf590c14278769bb2e1a7b7a87ce98ae23bc549.tar.gz