tcpdump/tcpdump-3.9.6-bgp-overflow.diff

21 lines
732 B
Diff

--- print-bgp.c
+++ print-bgp.c
@@ -669,7 +669,7 @@
tlen-=15;
/* ok now the variable part - lets read out TLVs*/
- while (tlen>0) {
+ while (tlen>0 && strlen <= buflen) {
if (tlen < 3)
return -1;
TCHECK2(pptr[0], 3);
@@ -684,7 +684,7 @@
tlv_type,
tlv_len);
ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
- while (ttlv_len>0) {
+ while (ttlv_len>0 && strlen <= buflen) {
TCHECK(pptr[0]);
strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
ttlv_len--;