Merge some cherry-picked fixes originating in OpenBSD

Check whether the version field is available before looking at it. While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to check whether we have the full fixed-length portion of the IPv4 header. commit c67afe913011138a2504ec4d3d423b48e73b12f3 Do more length checking. From OpenBSD. commit d7516761f9c4877bcb05bb6543be3543e165249
2015-01-27 01:39:42 +00:00 · 2015-01-27 01:39:42 +00:00 · 927a3633f0
commit 927a3633f0
parent 08263d1957
2 changed files with 8 additions and 5 deletions
--- a/print-ip.c
+++ b/print-ip.c
@ -529,6 +529,7 @@ ip_print(netdissect_options *ndo,
 	struct protoent *proto;

 	ipds->ip = (const struct ip *)bp;
+	ND_TCHECK(ipds->ip->ip_vhl);
 	if (IP_V(ipds->ip) != 4) { /* print version if != 4 */
 	    ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip)));
 	    if (IP_V(ipds->ip) == 6)
@ -537,10 +538,7 @@ ip_print(netdissect_options *ndo,
 	else if (!ndo->ndo_eflag)
 		ND_PRINT((ndo, "IP "));

-	if ((u_char *)(ipds->ip + 1) > ndo->ndo_snapend) {
-		ND_PRINT((ndo, "%s", tstr));
-		return;
-	}
+	ND_TCHECK(*ipds->ip);
 	if (length < sizeof (struct ip)) {
 		ND_PRINT((ndo, "truncated-ip %u", length));
 		return;
@ -669,6 +667,11 @@ ip_print(netdissect_options *ndo,
 				ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p));
 		}
 	}
+	return;
+
+trunc:
+	ND_PRINT((ndo, "%s", tstr));
+	return;
 }

 void
--- a/print-sl.c
+++ b/print-sl.c
@ -62,7 +62,7 @@ sl_if_print(netdissect_options *ndo,
 	register u_int length = h->len;
 	register const struct ip *ip;

-	if (caplen < SLIP_HDRLEN) {
+	if (caplen < SLIP_HDRLEN || length < SLIP_HDRLEN) {
 		ND_PRINT((ndo, "%s", tstr));
 		return (caplen);
 	}