Diffstat (limited to 'addrtoname.c')
-rw-r--r-- | addrtoname.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/addrtoname.c b/addrtoname.c
index c679c83f..85cbf7b7 100644
--- a/addrtoname.c
+++ b/addrtoname.c
@@ -427,14 +427,15 @@ lookup_bytestring(netdissect_options *ndo, register const u_char *bs,
 /* Find the hash node that corresponds the NSAP 'nsap' */
 static inline struct enamemem *
-lookup_nsap(netdissect_options *ndo, register const u_char *nsap)
+lookup_nsap(netdissect_options *ndo, register const u_char *nsap,
+ register u_int nsap_length)
 {
 register u_int i, j, k;
- unsigned int nlen = *nsap;
 struct enamemem *tp;
- const u_char *ensap = nsap + nlen - 6;
+ const u_char *ensap;
- if (nlen > 6) {
+ if (nsap_length > 6) {
+ ensap = nsap + nsap_length - 6;
 k = (ensap[0] << 8) | ensap[1];
 j = (ensap[2] << 8) | ensap[3];
 i = (ensap[4] << 8) | ensap[5];
@@ -447,19 +448,20 @@ lookup_nsap(netdissect_options *ndo, register const u_char *nsap)
 if (tp->e_addr0 == i &&
 tp->e_addr1 == j &&
 tp->e_addr2 == k &&
- tp->e_nsap[0] == nlen &&
+ tp->e_nsap[0] == nsap_length &&
 memcmp((const char *)&(nsap[1]),
- (char *)&(tp->e_nsap[1]), nlen) == 0)
+ (char *)&(tp->e_nsap[1]), nsap_length) == 0)
 return tp;
 else
 tp = tp->e_nxt;
 tp->e_addr0 = i;
 tp->e_addr1 = j;
 tp->e_addr2 = k;
- tp->e_nsap = (u_char *)malloc(nlen + 1);
+ tp->e_nsap = (u_char *)malloc(nsap_length + 1);
 if (tp->e_nsap == NULL)
 (*ndo->ndo_error)(ndo, "lookup_nsap: malloc");
- memcpy((char *)tp->e_nsap, (const char *)nsap, nlen + 1);
+ tp->e_nsap[0] = (u_char)nsap_length; /* guaranteed < ISONSAP_MAX_LENGTH */
+ memcpy((char *)&tp->e_nsap[1], (const char *)nsap, nsap_length);
 tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
 if (tp->e_nxt == NULL)
 (*ndo->ndo_error)(ndo, "lookup_nsap: calloc");
@@ -675,7 +677,7 @@ isonsap_string(netdissect_options *ndo, const u_char *nsap,
 if (nsap_length < 1 || nsap_length > ISONSAP_MAX_LENGTH)
 return ("isonsap_string: illegal length");
- tp = lookup_nsap(ndo, nsap);
+ tp = lookup_nsap(ndo, nsap, nsap_length);
 if (tp->e_name)
 return tp->e_name; |
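Review bot: The header comment above lookup_nsap is unchanged and does not mention the new `nsap_length` parameter, or that `nsap` no longer starts with a length byte. The function computes `nsap + nsap_length - 6` and later stores the length in a single byte, so it relies on the caller to bound the length. A comment such as `/* 'nsap' points at the first address byte (no length prefix); the caller must ensure 1 <= nsap_length <= ISONSAP_MAX_LENGTH */` would record that precondition. The function body continues past the end of this hunk.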
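Review bot: The `memcmp` in the lookup loop still starts at `&(nsap[1])`, but the insert path further down now stores `nsap[0]` through `nsap[nsap_length - 1]` at `e_nsap[1]`. The comparison is therefore shifted by one byte against what was stored, and it reads `nsap[nsap_length]`, one byte beyond the length the caller supplied. With the length prefix gone from the input, the first argument should be the start of the buffer: `memcmp((const char *)nsap, (char *)&(tp->e_nsap[1]), nsap_length) == 0)`. As written, a repeated address would usually fail to match its own entry, so each lookup falls through and appends another node. The function starts before and ends after this hunk.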
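Review bot: The guard just above this call accepts `nsap_length == ISONSAP_MAX_LENGTH`, which disagrees with the comment added in lookup_nsap, `/* guaranteed < ISONSAP_MAX_LENGTH */`. That comment should read `/* caller guarantees <= ISONSAP_MAX_LENGTH */`. Because the same line narrows the value with `(u_char)nsap_length`, it is also worth stating there that the cast is lossless only while ISONSAP_MAX_LENGTH fits in one byte; its value is not visible in this diff. isonsap_string starts before and continues after this hunk.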