Diffstat (limited to 'usr.sbin/tcpdump/print-cnfp.c')
-rw-r--r-- | usr.sbin/tcpdump/print-cnfp.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/tcpdump/print-cnfp.c b/usr.sbin/tcpdump/print-cnfp.c
index 32d45b27e41..805762240cf 100644
--- a/usr.sbin/tcpdump/print-cnfp.c
+++ b/usr.sbin/tcpdump/print-cnfp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print-cnfp.c,v 1.1 1998/06/25 19:42:46 mickey Exp $ */
+/* $OpenBSD: print-cnfp.c,v 1.2 1998/06/25 20:26:59 mickey Exp $ */
 /*
 * Copyright (c) 1998 Michael Shalayeff
@@ -84,6 +84,9 @@ cnfp_print(register const u_char *cp, u_int len, register const u_char *bp)
 ip = (struct ip *)bp;
 nh = (struct nfhdr *)cp;
+ if ((u_char *)(nh + 1) > snapend)
+ return;
+
 nrecs = ntohl(nh->ver_cnt) & 0xffff;
 ver = (ntohl(nh->ver_cnt) & 0xffff0000) >> 16;
 t = ntohl(nh->utc_sec);
@@ -96,11 +99,15 @@ cnfp_print(register const u_char *cp, u_int len, register const u_char *bp)
 if (ver == 5) {
 printf("#%u, ", htonl(nh->sequence));
 nr = (struct nfrec *)&nh[1];
- } else
+ snaplen -= 24;
+ } else {
 nr = (struct nfrec *)&nh->sequence;
+ snaplen -= 16;
+ }
+
+ printf("%2u recs", nrecs);
- printf("%2u recs:", nrecs);
- for (; nrecs--; nr++) {
+ for (; nrecs-- && (u_char *)(nr + 1) <= snapend; nr++) {
 char buf[5];
 char asbuf[7]; |
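Review bot: The new header guard in the second hunk returns silently, so a capture cut short inside the flow header prints nothing and looks the same as an empty packet. Emitting tcpdump's usual truncation marker before returning would make that visible, e.g. `if ((u_char *)(nh + 1) > snapend) { printf("[|cnfp]"); return; }`. The guard also demands the full `struct nfhdr` before `ver` is known, while the later hunk starts non-v5 records at `&nh->sequence`, so a completely captured shorter header may be rejected; checking the fields up to `sequence` first and the remainder only when `ver == 5` would avoid that. The `len` parameter is not consulted in the visible lines, and the body of cnfp_print begins and ends outside this hunk.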
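Review bot: The added `snaplen -= 24;` and `snaplen -= 16;` in the third hunk write to a variable that nothing in the visible lines reads; the record loop is bounded by `snapend` alone. `snaplen` is not declared in this hunk, and if it is tcpdump's file-scope capture length, these subtractions would persist across packets and shrink it on every flow export printed. Unless a reader exists outside the hunk, drop both statements, or track the remaining bytes in a local. The loop bound `(u_char *)(nr + 1) <= snapend` stops the out-of-bounds read, but a truncated record list ends without any marker; printing `[|cnfp]` when the bound, not the count, ends the loop would tell the reader that records were cut off. The loop body continues past the end of the hunk.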