From 14e71ce55a9969390af3533ddaa3ab4289624d4a Mon Sep 17 00:00:00 2001
From: guy <guy>
Date: Wed, 6 Aug 2003 05:02:12 +0000
Subject: From Mark Ellzey Thomas	<mark@ackers.net>: check the length of
 a data chunk before printing it.

---
 print-sctp.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'print-sctp.c')

diff --git a/print-sctp.c b/print-sctp.c
index cb6c4d67..937f5e5c 100644
--- a/print-sctp.c
+++ b/print-sctp.c
@@ -35,7 +35,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-"@(#) $Header: /tcpdump/master/tcpdump/print-sctp.c,v 1.12 2003-06-03 23:49:23 guy Exp $ (NETLAB/PEL)";
+"@(#) $Header: /tcpdump/master/tcpdump/print-sctp.c,v 1.13 2003-08-06 05:02:13 guy Exp $ (NETLAB/PEL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -198,9 +198,17 @@ void sctp_print(const u_char *bp,        /* beginning of sctp packet */
 		if (!xflag && !qflag) {
 			payloadPtr = (const u_char *) (++dataHdrPtr);
 			printf(":");
+			if (htons(chunkDescPtr->chunkLength) <
+			    sizeof(struct sctpDataPart)+
+			    sizeof(struct sctpChunkDesc)+1) {
+				printf("bogus chunk length %u]",
+				    htons(chunkDescPtr->chunkLength));
+				return;
+			}
 			default_print(payloadPtr,
-			      htons(chunkDescPtr->chunkLength)-1 -
-			      sizeof(struct sctpDataPart)-sizeof(struct sctpChunkDesc));
+			      htons(chunkDescPtr->chunkLength) -
+			      (sizeof(struct sctpDataPart)+
+			      sizeof(struct sctpChunkDesc)+1));
 		} else
 			printf("]");
 	      }
-- 
cgit v1.2.1