RPKI to Router Protocol: Fix Segmentation Faults and other problems

-Fix/add ND_TCHECK2 tests,
-Fix a buffer overflow,
-Remove a debug printf

1 files changed, 5 insertions, 4 deletions

diff --git a/print-rpki-rtr.c b/print-rpki-rtr.c
index da55dd36..3dc15d90 100644
--- a/print-rpki-rtr.c
+++ b/print-rpki-rtr.c
@@ -178,7 +178,7 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent)
     pdu_header = (rpki_rtr_pdu *)tptr;
     pdu_type = pdu_header->pdu_type;
     pdu_len = EXTRACT_32BITS(pdu_header->length);
-    ND_TCHECK2(tptr, pdu_len);
+    ND_TCHECK2(*tptr, pdu_len);
     hexdump = FALSE;
 
     ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u",
@@ -255,6 +255,7 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent)
 
 	    pdu = (rpki_rtr_pdu_error_report *)tptr;
 	    encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length);
+	    ND_TCHECK2(*tptr, encapsulated_pdu_length);
 	    tlen = pdu_len;
 
 	    error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code);
@@ -287,10 +288,10 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent)
 		tptr += 4;
 		tlen -= 4;
 	    }
-            printf("text_length: %u tlen %u\n", text_length, tlen);
+	    ND_TCHECK2(*tptr, text_length);
 	    if (text_length && (text_length <= tlen )) {
 		memcpy(buf, tptr, min(sizeof(buf)-1, text_length));
-		buf[text_length] = '\0';
+		buf[min(sizeof(buf) - 1, text_length)] = '\0';
 		ND_PRINT((ndo, "%sError text: %s", indent_string(indent+2), buf));
 	    }
 	}
@@ -337,13 +338,13 @@ rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_
 	pdu_header = (rpki_rtr_pdu *)tptr;
         pdu_type = pdu_header->pdu_type;
         pdu_len = EXTRACT_32BITS(pdu_header->length);
+        ND_TCHECK2(*tptr, pdu_len);
 
         /* infinite loop check */
         if (!pdu_type || !pdu_len) {
             break;
         }
 
-        ND_TCHECK2(*tptr, pdu_len);
         if (tlen < pdu_len) {
             goto trunc;
         }