author | Guy Harris <guy@alum.mit.edu> | 2015-07-04 17:33:54 -0700 |
---|---|---|
committer | Francois-Xavier Le Bail <fx.lebail@yahoo.com> | 2017-01-18 09:16:37 +0100 |
commit | bf7c00815ba0171a4735fcecc2cc5a3d9a467ace (patch) | |
tree | fd6d751d0e06c366b9c13d4a2ac5b1edcb6dc013 /print-llc.c | |
parent | e8a77162825188bd31eb96c99dc8e4432a2c6531 (diff) | |
download | tcpdump-bf7c00815ba0171a4735fcecc2cc5a3d9a467ace.tar.gz |
Fix previous bounds checks.
An XID could have no payload, e.g. an SNA "short form" XID.
If it *does* have a payload, and it's a "basic form" XID, it needs to be
at least 3 bytes long, not 2 bytes long.
Diffstat (limited to 'print-llc.c')
-rw-r--r-- | print-llc.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/print-llc.c b/print-llc.c
index 7f316c2e..6bdf5998 100644
--- a/print-llc.c
+++ b/print-llc.c
@@ -358,14 +358,27 @@ llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
 length + hdrlen));
 if ((control & ~LLC_U_POLL) == LLC_XID) {
- if (caplen < 2 || length < 2) {
+ if (length == 0) {
+ /*
+ * XID with no payload.
+ * This could, for example, be an SNA
+ * "short form" XID.
+ */
+ return (hdrlen);
+ }
+ if (caplen < 1) {
 ND_PRINT((ndo, "[|llc]"));
 if (caplen > 0)
 ND_DEFAULTPRINT((const u_char *)p, caplen);
 return (hdrlen);
 }
 if (*p == LLC_XID_FI) {
- ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
+ if (caplen < 3 || length < 3) {
+ ND_PRINT((ndo, "[|llc]"));
+ if (caplen > 0)
+ ND_DEFAULTPRINT((const u_char *)p, caplen);
+ } else
+ ND_PRINT((ndo, ": %02x %02x", p[1], p[2]));
 return (hdrlen);
 }
 }
|
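Review bot: In the `if (caplen < 1)` branch the inner `if (caplen > 0)` can never be true, because `caplen` is a `u_int` and the branch is entered only when it is zero, so the `ND_DEFAULTPRINT` call there is dead code left over from the old `caplen < 2` test. The branch could be reduced to `ND_PRINT((ndo, "[|llc]")); return (hdrlen);`. Separately, the new `caplen < 3 || length < 3` guard also prints the truncation marker `[|llc]` when the frame itself is shorter than 3 bytes but fully captured; a comment such as `/* basic form XID payload is at least 3 bytes; short frame or short capture */` would make that intent explicit. That guard is what keeps the `p[1]` and `p[2]` reads inside the captured data, and it relies on the caller passing a `caplen` that matches the buffer, which is not visible in this hunk. llc_print's body starts and ends outside the hunk.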