diff options
| author | Dimitry Andric <dim@FreeBSD.org> | 2015-01-31 20:49:30 +0000 |
|---|---|---|
| committer | Dimitry Andric <dim@FreeBSD.org> | 2015-01-31 20:49:30 +0000 |
| commit | acdf53f9a3170d092829475dacd0483a85143ec6 (patch) | |
| tree | b819b6880c6321c816607340c0c038316ef603c1 /contrib | |
| parent | 6a0fc39710cd2fd18addb70c5e932d4d443a1859 (diff) | |
| parent | 8e35ef81cc6aae36cd63a4243cf891c94e95ba4c (diff) | |
| download | src-acdf53f9a3170d092829475dacd0483a85143ec6.tar.gz src-acdf53f9a3170d092829475dacd0483a85143ec6.zip | |
Merge ^/head r277975 through r277998.
Notes
Notes:
svn path=/projects/clang360-import/; revision=277999
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/tcpdump/print-atm.c | 15 | ||||
| -rw-r--r-- | contrib/tcpdump/print-llc.c | 15 |
2 files changed, 25 insertions, 5 deletions
diff --git a/contrib/tcpdump/print-atm.c b/contrib/tcpdump/print-atm.c index b352579ea4d9..1676a86471c4 100644 --- a/contrib/tcpdump/print-atm.c +++ b/contrib/tcpdump/print-atm.c @@ -167,7 +167,7 @@ atm_if_print(netdissect_options *ndo, uint32_t llchdr; u_int hdrlen = 0; - if (caplen < 8) { + if (caplen < 1 || length < 1) { ND_PRINT((ndo, "%s", tstr)); return (caplen); } @@ -181,6 +181,15 @@ atm_if_print(netdissect_options *ndo, } /* + * Must have at least a DSAP, an SSAP, and the first byte of the + * control field. + */ + if (caplen < 3 || length < 3) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } + + /* * Extract the presumed LLC header into a variable, for quick * testing. * Then check for a header that's neither a header for a SNAP @@ -207,6 +216,10 @@ atm_if_print(netdissect_options *ndo, * packets? If so, could it be changed to use a * new DLT_IEEE802_6 value if we added it? */ + if (caplen < 20 || length < 20) { + ND_PRINT((ndo, "%s", tstr)); + return (caplen); + } if (ndo->ndo_eflag) ND_PRINT((ndo, "%08x%08x %08x%08x ", EXTRACT_32BITS(p), diff --git a/contrib/tcpdump/print-llc.c b/contrib/tcpdump/print-llc.c index 82da55b1d732..78b863103df1 100644 --- a/contrib/tcpdump/print-llc.c +++ b/contrib/tcpdump/print-llc.c @@ -153,10 +153,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, *extracted_ethertype = 0; - if (caplen < 3) { + if (caplen < 3 || length < 3) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } dsap_field = *p; @@ -179,10 +179,10 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, * The control field in I and S frames is * 2 bytes... */ - if (caplen < 4) { + if (caplen < 4 || length < 4) { ND_PRINT((ndo, "[|llc]")); ND_DEFAULTPRINT((u_char *)p, caplen); - return(0); + return (1); } /* @@ -242,6 +242,11 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, if (ssap == LLCSAP_IP && dsap == LLCSAP_IP && control == LLC_UI) { + if (caplen < 4 || length < 4) { + ND_PRINT((ndo, "[|llc]")); + ND_DEFAULTPRINT((u_char *)p, caplen); + return (1); + } ip_print(ndo, p+4, length-4); return (1); } @@ -370,6 +375,8 @@ snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, register int ret; ND_TCHECK2(*p, 5); + if (caplen < 5 || length < 5) + goto trunc; orgcode = EXTRACT_24BITS(p); et = EXTRACT_16BITS(p + 3); |