diff options
| author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-06-14 17:57:22 +0000 |
|---|---|---|
| committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2005-06-14 17:57:22 +0000 |
| commit | 908b11b8beac8e3000f94c90553d5208dba66ed2 (patch) | |
| tree | 35e84fbce0aabc40c4bd8e4cfb345a2867352b2b /usr.sbin/tcpdump/print-bgp.c | |
| parent | 5d739e53a29fd8d8d9f7dd046345885ea021b855 (diff) | |
add missing error check for decode_prefix4. ok deraadt@
Diffstat (limited to 'usr.sbin/tcpdump/print-bgp.c')
| -rw-r--r-- | usr.sbin/tcpdump/print-bgp.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/usr.sbin/tcpdump/print-bgp.c b/usr.sbin/tcpdump/print-bgp.c index 5c36d79a3fc..0f9a30a5bf0 100644 --- a/usr.sbin/tcpdump/print-bgp.c +++ b/usr.sbin/tcpdump/print-bgp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-bgp.c,v 1.5 2005/04/27 23:03:01 cloder Exp $ */ +/* $OpenBSD: print-bgp.c,v 1.6 2005/06/14 17:57:21 moritz Exp $ */ /* * Copyright (C) 1999 WIDE Project. @@ -609,6 +609,7 @@ bgp_update_print(const u_char *dat, int length) printf(" (Withdrawn routes: %d bytes)", len); #else char buf[MAXHOSTNAMELEN + 100]; + int wpfx; TCHECK2(p[2], len); i = 2; @@ -616,7 +617,12 @@ bgp_update_print(const u_char *dat, int length) printf(" (Withdrawn routes:"); while(i < 2 + len) { - i += decode_prefix4(&p[i], buf, sizeof(buf)); + wpfx = decode_prefix4(&p[i], buf, sizeof(buf)); + if (wpfx < 0) { + printf(" (illegal prefix length)"); + break; + } + i += wpfx; printf(" %s", buf); } printf(")\n"); |