diff options
author | Guy Harris <guy@alum.mit.edu> | 2016-03-25 12:49:37 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2016-03-25 12:49:37 -0700 |
commit | 3d11d28ba07fffcbfd460cdb1fe95eded061e2f3 (patch) | |
tree | d0e6fd904fa46f894ca33a577dd65f274dd7da53 | |
parent | f0b959c53eae8e655e26ef7faf202c9bf8967b0f (diff) | |
download | tcpdump-3d11d28ba07fffcbfd460cdb1fe95eded061e2f3.tar.gz |
Make sure the length of the header is valid.
It must be at least 2, as it includes the lengths of the Base and
Service Path headers, and those are always present.
-rw-r--r-- | print-nsh.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/print-nsh.c b/print-nsh.c index a5b464e9..1a27b713 100644 --- a/print-nsh.c +++ b/print-nsh.c @@ -97,12 +97,23 @@ nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) ND_PRINT((ndo, "service-path-id 0x%06x, ", service_path_id)); ND_PRINT((ndo, "service-index 0x%x", service_index)); - /* print Context Headers */ + /* Make sure we have all the headers */ if (len < length * NSH_HDR_WORD_SIZE) goto trunc; ND_TCHECK2(*bp, length * NSH_HDR_WORD_SIZE); + /* + * length includes the lengths of the Base and Service Path headers. + * That means it must be at least 2. + */ + if (length < 2) + goto trunc; + + /* + * Print, or skip, the Context Headers. + * (length - 2) is the length of those headers. + */ if (ndo->ndo_vflag > 2) { if (md_type == 0x01) { for (n = 0; n < length - 2; n++) { |