
Commit 0f95d44

committed
Do bounds checking when unescaping PPP.
Clean up a const issue while we're at it.
1 parent 15d235c commit 0f95d44


1 file changed

+8
-8
lines changed


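--- a/print-ppp.c
+++ b/print-ppp.c
@@ -1351,14 +1351,15 @@ static void
 ppp_hdlc(netdissect_options *ndo,
 const u_char *p, int length)
 {
-u_char *b, *s, *t, c;
+u_char *b, *t, c;
+const u_char *s;
 int i, proto;
 const void *se;
 
 if (length <= 0)
 return;
 
-b = (uint8_t *)malloc(length);
+b = (u_char *)malloc(length);
 if (b == NULL)
 return;
 
@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo,
 * Do this so that we dont overwrite the original packet
 * contents.
 */
-for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
+for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
 c = *s++;
 if (c == 0x7d) {
-if (i > 1) {
-i--;
-c = *s++ ^ 0x20;
-} else
-continue;
+if (i <= 1 || !ND_TTEST(*s))
+break;
+i--;
+c = *s++ ^ 0x20;
 }
 *t++ = c;
 }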
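Review bot: The unescape loop in the second hunk can now stop early, so `b` may hold fewer than `length` valid bytes, and nothing visible in the hunk records how many were actually written. It holds none at all if `ND_TTEST(*s)` fails on the first byte or the only byte is 0x7d. ppp_hdlc continues outside the hunk; if the code after the loop still reads `*b` (a `proto` local is declared) or relies on the original `length`, it would be reading uninitialised `malloc` memory. Directly after the loop I would add `length = (int)(t - b);` followed by `if (length < 1) { free(b); return; }`, or the file's usual truncation path if it has one, with a comment such as `/* unescaped output may be shorter than the captured input */`. It would also help to report the truncation rather than break silently, so a clipped capture is distinguishable from a short frame.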
