CVE-2016-7930/Add a bounds check.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
author: Guy Harris <guy@alum.mit.edu> 2015-07-03 17:25:39 -0700
committer: Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:36 +0100
commit: 9845aa1860a411c40e5f86b74443508d58fc67f9 (patch)
tree: 65584c0e0e990924074aca94b5a0528a3fbdf883 /print-llc.c
parent: a36c495ef49f96d41cd39caa5283aa6c4c32fd8b (diff)
download: tcpdump-9845aa1860a411c40e5f86b74443508d58fc67f9.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/print-llc.c b/print-llc.c
index bca9b502..7f316c2e 100644
--- a/print-llc.c
+++ b/print-llc.c
@@ -358,6 +358,12 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
                        length + hdrlen));
 
 		if ((control & ~LLC_U_POLL) == LLC_XID) {
+			if (caplen < 2 || length < 2) {
+				ND_PRINT((ndo, "[|llc]"));
+				if (caplen > 0)
+					ND_DEFAULTPRINT((const u_char *)p, caplen);
+				return (hdrlen);
+			}
 			if (*p == LLC_XID_FI) {
 				ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
 				return (hdrlen);
author	Guy Harris <guy@alum.mit.edu>	2015-07-03 17:25:39 -0700
committer	Francois-Xavier Le Bail <fx.lebail@yahoo.com>	2017-01-18 09:16:36 +0100
commit	9845aa1860a411c40e5f86b74443508d58fc67f9 (patch)
tree	65584c0e0e990924074aca94b5a0528a3fbdf883 /print-llc.c
parent	a36c495ef49f96d41cd39caa5283aa6c4c32fd8b (diff)
download	tcpdump-9845aa1860a411c40e5f86b74443508d58fc67f9.tar.gz