]>
Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | borrowed from fedora |
2 | fix for CAN-2005-1279 | |
3 | ||
4 | --- tcpdump-3.8.2/print-ldp.c.t4 2003-11-16 10:36:27.000000000 +0100 | |
5 | +++ tcpdump-3.8.2/print-ldp.c 2005-04-28 14:17:15.000000000 +0200 | |
6 | @@ -327,7 +327,8 @@ | |
7 | LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore"); | |
8 | ||
9 | msg_tptr=tptr+sizeof(struct ldp_msg_header); | |
10 | - msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */ | |
11 | + /* Type & Length fields not included */ | |
12 | + msg_tlen = (msg_len >= (sizeof(struct ldp_msg_header) + 4)) ? (msg_len - sizeof(struct ldp_msg_header) + 4) : 0; | |
13 | ||
14 | /* did we capture enough for fully decoding the message ? */ | |
15 | if (!TTEST2(*tptr, msg_len)) | |
16 | @@ -372,8 +373,12 @@ | |
17 | print_unknown_data(tptr+sizeof(sizeof(struct ldp_msg_header)),"\n\t ", | |
18 | msg_len); | |
19 | ||
20 | - tptr+=msg_len; | |
21 | - tlen-=msg_len; | |
22 | + if(!msg_len) | |
23 | + break; | |
24 | + else { | |
25 | + tptr+=msg_len; | |
26 | + tlen-=msg_len; | |
27 | + } | |
28 | } | |
29 | return; | |
30 | trunc: | |
31 | --- tcpdump-3.8.2/print-ascii.c.t4 2003-12-29 12:05:10.000000000 +0100 | |
32 | +++ tcpdump-3.8.2/print-ascii.c 2005-04-28 14:05:42.000000000 +0200 | |
33 | @@ -142,6 +142,9 @@ | |
34 | register int nshorts; | |
35 | ||
36 | nshorts = (u_int) length / sizeof(u_short); | |
37 | + if(!nshorts) | |
38 | + return; | |
39 | + | |
40 | i = 0; | |
41 | while (--nshorts >= 0) { | |
42 | if ((i++ % 8) == 0) { |