From ac5baa713cefde60313836eac51900744be55d68 Mon Sep 17 00:00:00 2001 From: Francois-Xavier Le Bail Date: Fri, 18 Oct 2019 18:31:02 +0200 Subject: FRF.16: Add a length check The specification says in a well-formed Magic Number Information Element the data is exactly 4 bytes long. This gives a more accurate output. Update the output of a test accordingly. Partial update from aa3e54f594385ce7e1e319b0c84999e51192578b in 4.9 branch. --- print-fr.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'print-fr.c') diff --git a/print-fr.c b/print-fr.c index 22561a23..a7ea98a1 100644 --- a/print-fr.c +++ b/print-fr.c @@ -495,6 +495,12 @@ mfr_print(netdissect_options *ndo, switch (ie_type) { case MFR_CTRL_IE_MAGIC_NUM: + /* FRF.16.1 Section 3.4.3 Magic Number Information Element */ + if (ie_len != 4) { + ND_PRINT("[IE data length %d != 4]", ie_len); + nd_print_invalid(ndo); + break; + } ND_PRINT("0x%08x", GET_BE_U_4(tptr)); break; -- cgit v1.2.1