summaryrefslogtreecommitdiff
path: root/usr.sbin/tcpdump
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-11-28 11:05:07 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-11-28 11:05:07 +0000
commit6fb19426c400391f6e777073130f4983e268cd1f (patch)
tree0c61d1b58717b85f72252548d530fe8c1a259aeb /usr.sbin/tcpdump
parent699a6f36bc607e23b263a019fe134b829f69adb4 (diff)
Check for invalid ICMP6 option length, ok itojun@
Diffstat (limited to 'usr.sbin/tcpdump')
-rw-r--r--usr.sbin/tcpdump/print-icmp6.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/tcpdump/print-icmp6.c b/usr.sbin/tcpdump/print-icmp6.c
index 220f3397708..ee7528af48d 100644
--- a/usr.sbin/tcpdump/print-icmp6.c
+++ b/usr.sbin/tcpdump/print-icmp6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-icmp6.c,v 1.3 2002/05/30 18:36:42 deraadt Exp $ */
+/* $OpenBSD: print-icmp6.c,v 1.4 2002/11/28 11:05:06 dhartmei Exp $ */
/*
* Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994
@@ -449,6 +449,10 @@ icmp6_opt_print(register const u_char *bp, int resid)
ECHECK(op->nd_opt_len);
if (resid <= 0)
return;
+ if (op->nd_opt_len == 0)
+ goto trunc;
+ if (bp + (op->nd_opt_len << 3) > ep)
+ goto trunc;
switch (op->nd_opt_type) {
case ND_OPT_SOURCE_LINKADDR:
opl = (struct nd_opt_hdr *)op;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-18 01:53:52 +0000