summaryrefslogtreecommitdiffstats
path: root/freebsd/contrib/tcpdump/print-fr.c
diff options
context:
space:
mode:
Diffstat (limited to 'freebsd/contrib/tcpdump/print-fr.c')
-rw-r--r--freebsd/contrib/tcpdump/print-fr.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/freebsd/contrib/tcpdump/print-fr.c b/freebsd/contrib/tcpdump/print-fr.c
index 1b9f0c71..59a50c9f 100644
--- a/freebsd/contrib/tcpdump/print-fr.c
+++ b/freebsd/contrib/tcpdump/print-fr.c
@@ -463,6 +463,10 @@ mfr_print(netdissect_options *ndo,
*/
ND_TCHECK2(*p, 4); /* minimum frame header length */
+ if (length < 4) {
+ ND_PRINT((ndo, "Message too short (%u bytes)", length));
+ return length;
+ }
if ((p[0] & MFR_BEC_MASK) == MFR_CTRL_FRAME && p[1] == 0) {
ND_PRINT((ndo, "FRF.16 Control, Flags [%s], %s, length %u",
@@ -499,6 +503,11 @@ mfr_print(netdissect_options *ndo,
switch (ie_type) {
case MFR_CTRL_IE_MAGIC_NUM:
+ /* FRF.16.1 Section 3.4.3 Magic Number Information Element */
+ if (ie_len != 4) {
+ ND_PRINT((ndo, "(invalid length)"));
+ break;
+ }
ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(tptr)));
break;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 01:48:48 +0000