FRF.16: Add a length check

The specification says in a well-formed Magic Number Information Element the data is exactly 4 bytes long. This gives a more accurate output. Update the output of a test accordingly. Partial update from aa3e54f594385ce7e1e319b0c84999e51192578b in 4.9 branch.
author: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-10-18 18:31:02 +0200
committer: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2019-10-19 15:05:46 +0200
commit: ac5baa713cefde60313836eac51900744be55d68 (patch)
tree: b42aa39e79e9a45147bce25ac296d164c4f3f309 /print-fr.c
parent: 8f19f1890c5cb962c1b6953e3deb25f171e9b3a0 (diff)
download: tcpdump-ac5baa713cefde60313836eac51900744be55d68.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/print-fr.c b/print-fr.c
index 22561a23..a7ea98a1 100644
--- a/print-fr.c
+++ b/print-fr.c
@@ -495,6 +495,12 @@ mfr_print(netdissect_options *ndo,
             switch (ie_type) {
 
             case MFR_CTRL_IE_MAGIC_NUM:
+                /* FRF.16.1 Section 3.4.3 Magic Number Information Element */
+                if (ie_len != 4) {
+                    ND_PRINT("[IE data length %d != 4]", ie_len);
+                    nd_print_invalid(ndo);
+                    break;
+                }
                 ND_PRINT("0x%08x", GET_BE_U_4(tptr));
                 break;
author	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-10-18 18:31:02 +0200
committer	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2019-10-19 15:05:46 +0200
commit	ac5baa713cefde60313836eac51900744be55d68 (patch)
tree	b42aa39e79e9a45147bce25ac296d164c4f3f309 /print-fr.c
parent	8f19f1890c5cb962c1b6953e3deb25f171e9b3a0 (diff)
download	tcpdump-ac5baa713cefde60313836eac51900744be55d68.tar.gz