Add some sanity checking of the arguments to "print_unknown_data()", as

per the problems found by Gerald Combs.

diff --git a/util.c b/util.c
index 4e04b0a99ba156cea401f3bff0dc60c7f7a851ee..178525d4a0c6af2c8acc77acc792a4eed719312a 100644 (file)
--- a/util.c
+++ b/util.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/util.c,v 1.99 2005-05-06 08:26:45 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/util.c,v 1.100 2005-06-16 01:19:38 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -242,8 +242,18 @@ relts_print(int secs)
 int
 print_unknown_data(const u_char *cp,const char *ident,int len)
 {
+       if (len < 0) {
+               printf("%sDissector error: print_unknown_data called with negative length",
+                   ident);
+               return(0);
+       }
        if (snapend - cp < len)
                len = snapend - cp;
+       if (len < 0) {
+               printf("%sDissector error: print_unknown_data called with pointer past end of packet",
+                   ident);
+               return(0);
+       }
         hex_print(ident,cp,len);
        return(1); /* everything is ok */
 }