* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#ifdef __linux__
#include "pim_igmp_mtrace.h"
int mtrace_len;
int responses;
unsigned short sum;
+ size_t mtrace_off;
+ size_t ip_len;
recvd = recvfrom(fd, mtrace_buf, IP_AND_MTRACE_BUF_LEN, 0, NULL, 0);
if (sum != in_cksum(ip, ip->ip_hl * 4))
return -1;
- mtrace = (struct igmp_mtrace *)(mtrace_buf + (4 * ip->ip_hl));
-
- mtrace_len = ntohs(ip->ip_len) - ip->ip_hl * 4;
+ /* Header overflow check */
+ mtrace_off = 4 * ip->ip_hl;
+ if (mtrace_off > MTRACE_BUF_LEN)
+ return -1;
- if (mtrace_len < (int)MTRACE_HDR_SIZE)
+ /* Underflow/overflow check */
+ ip_len = ntohs(ip->ip_len);
+ if (ip_len < mtrace_off || ip_len < MTRACE_HDR_SIZE
+ || ip_len > MTRACE_BUF_LEN)
return -1;
+ mtrace_len = ip_len - mtrace_off;
+ mtrace = (struct igmp_mtrace *)(mtrace_buf + mtrace_off);
+
sum = mtrace->checksum;
mtrace->checksum = 0;
if (sum != in_cksum(mtrace, mtrace_len)) {
{
fd_set readfds;
struct timeval timeout;
- int ret = -1;
+ int ret;
long msec, rmsec, tmsec;
FD_ZERO(&readfds);