From e150c713a2ea333e9ab173e062b447dd65c9a4ee Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Sun, 28 Apr 2019 14:38:52 +0200
Subject: EIGRP: Add two missing bounds checks

---
 print-eigrp.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'print-eigrp.c')

diff --git a/print-eigrp.c b/print-eigrp.c
index 5c975552..ea48a0ad 100644
--- a/print-eigrp.c
+++ b/print-eigrp.c
@@ -357,6 +357,7 @@ eigrp_print(netdissect_options *ndo, const u_char *pptr, u_int len)
             }
             byte_length = (bit_length + 7) / 8; /* variable length encoding */
             memset(prefix, 0, 4);
+            ND_TCHECK_LEN(tlv_ptr.eigrp_tlv_ip_int->destination, byte_length);
             memcpy(prefix, tlv_ptr.eigrp_tlv_ip_int->destination, byte_length);
 
             ND_PRINT("\n\t    IPv4 prefix: %15s/%u, nexthop: ",
@@ -392,6 +393,7 @@ eigrp_print(netdissect_options *ndo, const u_char *pptr, u_int len)
             }
             byte_length = (bit_length + 7) / 8; /* variable length encoding */
             memset(prefix, 0, 4);
+            ND_TCHECK_LEN(tlv_ptr.eigrp_tlv_ip_ext->destination, byte_length);
             memcpy(prefix, tlv_ptr.eigrp_tlv_ip_ext->destination, byte_length);
 
             ND_PRINT("\n\t    IPv4 prefix: %15s/%u, nexthop: ",
-- 
cgit v1.2.3