From ddf590c14278769bb2e1a7b7a87ce98ae23bc549 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail
Date: Sat, 6 Nov 2021 16:58:42 +0100
Subject: IPX: Add two length checks

This change fixes some undefined behaviors at runtime. The errors were like:
print-ipx.c:160:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
print-ipx.c:233:12: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned int'
---
 print-ipx.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'print-ipx.c')
diff --git a/print-ipx.c b/print-ipx.c
index c16a8673..f8c0ce7c 100644
--- a/print-ipx.c
+++ b/print-ipx.c
@@ -156,6 +156,7 @@ ipx_sap_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2;
@@ -229,6 +230,7 @@ ipx_rip_print(netdissect_options *ndo, const u_char *ipx, u_int length)
 int command, i;
 command = GET_BE_U_2(ipx);
+ ND_LCHECK_U(length, 2);
 ipx += 2;
 length -= 2;
-- cgit v1.2.1
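Review bot: In ipx_sap_print the new `ND_LCHECK_U(length, 2);` sits after `command = GET_BE_U_2(ipx);`, so the two command bytes are still fetched before the declared length is validated; the ipx_rip_print hunk has the same ordering. The fetch macro presumably bounds-checks against the captured data, so this should not be an out-of-bounds read, but with length < 2 the value is taken from bytes outside the declared IPX payload, and a short capture would be reported as truncation rather than as an invalid length. Placing the check first, `ND_LCHECK_U(length, 2);` followed by `command = GET_BE_U_2(ipx);`, keeps validation ahead of use in both functions. Both function bodies continue outside the hunks, so the failure path the macro takes and any later `length -=` arithmetic on the unsigned `length` are not visible here and deserve the same look.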