diff options
| author | Gilbert Ramirez <gram@alumni.rice.edu> | 2000-05-17 04:09:32 +0000 |
|---|---|---|
| committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2000-05-17 04:09:32 +0000 |
| commit | 3502bc1c7f6df585c4c0a605039b5b69dc9eff27 (patch) | |
| tree | 74d7edec668fadc382436ba117b5c5f59f330184 /packet-ripng.c | |
| parent | 69b133ea735c601dd02f69c805556fa939a97dba (diff) | |
| download | wireshark-3502bc1c7f6df585c4c0a605039b5b69dc9eff27.tar.gz wireshark-3502bc1c7f6df585c4c0a605039b5b69dc9eff27.tar.bz2 wireshark-3502bc1c7f6df585c4c0a605039b5b69dc9eff27.zip | |
Guard against short/malformed packets with old-style bounds-checking.
svn path=/trunk/; revision=1970
Diffstat (limited to 'packet-ripng.c')
| -rw-r--r-- | packet-ripng.c | 73 |
1 files changed, 39 insertions, 34 deletions
diff --git a/packet-ripng.c b/packet-ripng.c index 5c3b37f21c..8046c0ac8a 100644 --- a/packet-ripng.c +++ b/packet-ripng.c @@ -3,7 +3,7 @@ * (c) Copyright Jun-ichiro itojun Hagino <itojun@itojun.org> * derived from packet-rip.c * - * $Id: packet-ripng.c,v 1.10 2000/05/11 08:15:41 gram Exp $ + * $Id: packet-ripng.c,v 1.11 2000/05/17 04:09:32 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@zing.org> @@ -89,41 +89,46 @@ dissect_ripng(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { offset += 4; while ((pi.captured_len - offset) >= sizeof(struct netinfo6)){ - memcpy(&ni6, &pd[offset], sizeof(ni6)); - if (ni6.rip6_tag) { - ti = proto_tree_add_text(ripng_tree, NullTVB, offset, - sizeof(ni6), "IP Address: %s/%u, Metric: %u, tag: 0x%04x", - ip6_to_str(&ni6.rip6_dest), - ni6.rip6_plen, - ni6.rip6_metric, + if (! BYTES_ARE_IN_FRAME(offset, sizeof(ni6))) { + proto_tree_add_text(ripng_tree, NullTVB, offset, sizeof(ni6), "No IP Address information"); + break; + } + + memcpy(&ni6, &pd[offset], sizeof(ni6)); + if (ni6.rip6_tag) { + ti = proto_tree_add_text(ripng_tree, NullTVB, offset, + sizeof(ni6), "IP Address: %s/%u, Metric: %u, tag: 0x%04x", + ip6_to_str(&ni6.rip6_dest), + ni6.rip6_plen, + ni6.rip6_metric, + ntohs(ni6.rip6_tag)); + } else { + ti = proto_tree_add_text(ripng_tree, NullTVB, offset, + sizeof(ni6), "IP Address: %s/%u, Metric: %u", + ip6_to_str(&ni6.rip6_dest), + ni6.rip6_plen, + ni6.rip6_metric); + } + subtree = proto_item_add_subtree(ti, ett_ripng_addr); + proto_tree_add_text(subtree, NullTVB, + offset + offsetof(struct netinfo6, rip6_dest), + sizeof(ni6.rip6_dest), "IP Address: %s", + ip6_to_str(&ni6.rip6_dest)); + proto_tree_add_text(subtree, NullTVB, + offset + offsetof(struct netinfo6, rip6_tag), + sizeof(ni6.rip6_tag), "Tag: 0x%04x", ntohs(ni6.rip6_tag)); - } else { - ti = proto_tree_add_text(ripng_tree, NullTVB, offset, - sizeof(ni6), "IP Address: %s/%u, Metric: %u", - ip6_to_str(&ni6.rip6_dest), - ni6.rip6_plen, + proto_tree_add_text(subtree, NullTVB, + offset + offsetof(struct netinfo6, rip6_plen), + sizeof(ni6.rip6_plen), "Prefix length: %u", + ni6.rip6_plen); + proto_tree_add_text(subtree, NullTVB, + offset + offsetof(struct netinfo6, rip6_metric), + sizeof(ni6.rip6_metric), "Metric: %u", ni6.rip6_metric); - } - subtree = proto_item_add_subtree(ti, ett_ripng_addr); - proto_tree_add_text(subtree, NullTVB, - offset + offsetof(struct netinfo6, rip6_dest), - sizeof(ni6.rip6_dest), "IP Address: %s", - ip6_to_str(&ni6.rip6_dest)); - proto_tree_add_text(subtree, NullTVB, - offset + offsetof(struct netinfo6, rip6_tag), - sizeof(ni6.rip6_tag), "Tag: 0x%04x", - ntohs(ni6.rip6_tag)); - proto_tree_add_text(subtree, NullTVB, - offset + offsetof(struct netinfo6, rip6_plen), - sizeof(ni6.rip6_plen), "Prefix length: %u", - ni6.rip6_plen); - proto_tree_add_text(subtree, NullTVB, - offset + offsetof(struct netinfo6, rip6_metric), - sizeof(ni6.rip6_metric), "Metric: %u", - ni6.rip6_metric); - - offset += sizeof(ni6); - } + + offset += sizeof(ni6); + } } } |