CVE-2016-7926/Do some additional bounds checking before calling isoclns_print().

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
author: Guy Harris <guy@alum.mit.edu> 2015-07-03 16:21:08 -0700
committer: Francois-Xavier Le Bail <fx.lebail@yahoo.com> 2017-01-18 09:16:36 +0100
commit: 8be5413f3a168bd9913ac7ab348404f5af54dd42 (patch)
tree: 1d16b2704d9c0a17a38b74491018b23b7ab97cef /print-ether.c
parent: da946bdc6c4a6f8adaaef67f93d95f499a9cb145 (diff)
download: tcpdump-8be5413f3a168bd9913ac7ab348404f5af54dd42.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/print-ether.c b/print-ether.c
index 59d15c24..5072c442 100644
--- a/print-ether.c
+++ b/print-ether.c
@@ -360,7 +360,11 @@ ethertype_print(netdissect_options *ndo,
 		return (1);
 
 	case ETHERTYPE_ISO:
-		isoclns_print(ndo, p + 1, length - 1, length - 1);
+		if (length == 0 || caplen == 0) {
+			ND_PRINT((ndo, " [|osi]"));
+			return (1);
+		}
+		isoclns_print(ndo, p + 1, length - 1, caplen - 1);
 		return(1);
 
 	case ETHERTYPE_PPPOED:
author	Guy Harris <guy@alum.mit.edu>	2015-07-03 16:21:08 -0700
committer	Francois-Xavier Le Bail <fx.lebail@yahoo.com>	2017-01-18 09:16:36 +0100
commit	8be5413f3a168bd9913ac7ab348404f5af54dd42 (patch)
tree	1d16b2704d9c0a17a38b74491018b23b7ab97cef /print-ether.c
parent	da946bdc6c4a6f8adaaef67f93d95f499a9cb145 (diff)
download	tcpdump-8be5413f3a168bd9913ac7ab348404f5af54dd42.tar.gz