From 5f76ebca43302f98858e83a6212d9c610e939bad Mon Sep 17 00:00:00 2001
From: fenner <fenner@FreeBSD.org>
Date: Sun, 2 Mar 2003 08:22:26 +0000
Subject: Import tcpdump 3.7.2 (fudging for multi-DLT support) from
 http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz

---
 contrib/tcpdump/print-isakmp.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'contrib/tcpdump/print-isakmp.c')

diff --git a/contrib/tcpdump/print-isakmp.c b/contrib/tcpdump/print-isakmp.c
index 909f0b95..6e5c58d 100644
--- a/contrib/tcpdump/print-isakmp.c
+++ b/contrib/tcpdump/print-isakmp.c
@@ -30,7 +30,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.29 2001/10/26 03:41:29 itojun Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.29.2.2 2003/02/26 05:58:39 fenner Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -43,9 +43,6 @@ static const char rcsid[] =
 #include <sys/time.h>
 #include <sys/socket.h>
 
-struct mbuf;
-struct rtentry;
-
 #include <netinet/in.h>
 
 #include <stdio.h>
@@ -1028,6 +1025,7 @@ isakmp_sub0_print(u_char np, struct isakmp_gen *ext, u_char *ep,
 {
 	u_char *cp;
 	struct isakmp_gen e;
+	u_int item_len;
 
 	cp = (u_char *)ext;
 	safememcpy(&e, ext, sizeof(e));
@@ -1036,7 +1034,16 @@ isakmp_sub0_print(u_char np, struct isakmp_gen *ext, u_char *ep,
 		cp = (*NPFUNC(np))(ext, ep, phase, doi, proto);
 	else {
 		printf("%s", NPSTR(np));
-		cp += ntohs(e.len);
+		item_len = ntohs(e.len);
+		if (item_len == 0) {
+			/*
+			 * We don't want to loop forever processing this
+			 * bogus (zero-length) item; return NULL so that
+			 * we stop dissecting.
+			 */
+			cp = NULL;
+		} else
+			cp += item_len;
 	}
 	return cp;
 }
@@ -1069,6 +1076,11 @@ isakmp_sub_print(u_char np, struct isakmp_gen *ext, u_char *ep,
 		printf(")");
 		depth--;
 
+		if (cp == NULL) {
+			/* Zero-length subitem */
+			return NULL;
+		}
+
 		np = e.np;
 		ext = (struct isakmp_gen *)cp;
 	}
-- 
cgit v1.1