mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-05-02 00:02:55 +02:00
43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
borrowed from fedora
|
|
fix for CAN-2005-1279
|
|
|
|
--- tcpdump-3.8.2/print-ldp.c.t4 2003-11-16 10:36:27.000000000 +0100
|
|
+++ tcpdump-3.8.2/print-ldp.c 2005-04-28 14:17:15.000000000 +0200
|
|
@@ -327,7 +327,8 @@
|
|
LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore");
|
|
|
|
msg_tptr=tptr+sizeof(struct ldp_msg_header);
|
|
- msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */
|
|
+ /* Type & Length fields not included */
|
|
+ msg_tlen = (msg_len >= (sizeof(struct ldp_msg_header) + 4)) ? (msg_len - sizeof(struct ldp_msg_header) + 4) : 0;
|
|
|
|
/* did we capture enough for fully decoding the message ? */
|
|
if (!TTEST2(*tptr, msg_len))
|
|
@@ -372,8 +373,12 @@
|
|
print_unknown_data(tptr+sizeof(sizeof(struct ldp_msg_header)),"\n\t ",
|
|
msg_len);
|
|
|
|
- tptr+=msg_len;
|
|
- tlen-=msg_len;
|
|
+ if(!msg_len)
|
|
+ break;
|
|
+ else {
|
|
+ tptr+=msg_len;
|
|
+ tlen-=msg_len;
|
|
+ }
|
|
}
|
|
return;
|
|
trunc:
|
|
--- tcpdump-3.8.2/print-ascii.c.t4 2003-12-29 12:05:10.000000000 +0100
|
|
+++ tcpdump-3.8.2/print-ascii.c 2005-04-28 14:05:42.000000000 +0200
|
|
@@ -142,6 +142,9 @@
|
|
register int nshorts;
|
|
|
|
nshorts = (u_int) length / sizeof(u_short);
|
|
+ if(!nshorts)
|
|
+ return;
|
|
+
|
|
i = 0;
|
|
while (--nshorts >= 0) {
|
|
if ((i++ % 8) == 0) {
|