dissector: lldp: NULL check before dereference

Check return value of pkt_pull before dereferencing it (even though we check the packet length before and pkt_pull _should_ never return NULL). This was discovered by the coverity scanner. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
author: Tobias Klauser <tklauser@distanz.ch> 2013-05-12 12:33:53 +0200
committer: Tobias Klauser <tklauser@distanz.ch> 2013-05-12 12:33:53 +0200
commit: 10a80a61d67516c0ba4c13a7c07e9ebfa6fab9c5 (patch)
tree: f69e0c17e7170477a01e2f73c3d90483f4e4d46a
parent: 21adfd2ba4324bb8575b17ecd76c0f3b3988246e (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/proto_lldp.c b/proto_lldp.c
index 22b7684..4e33048 100644
--- a/proto_lldp.c
+++ b/proto_lldp.c
@@ -163,7 +163,11 @@ static void lldp(struct pkt_buff *pkt)
 	tprintf(" [ LLDP ");
 
 	while (len >= sizeof(tlv_hdr)) {
-		tlv_hdr = EXTRACT_16BIT(pkt_pull(pkt, sizeof(tlv_hdr)));
+		uint8_t *data = pkt_pull(pkt, sizeof(tlv_hdr));
+		if (data == NULL)
+			goto out_invalid;
+
+		tlv_hdr = EXTRACT_16BIT(data);
 		tlv_type = LLDP_TLV_TYPE(tlv_hdr);
 		tlv_len = LLDP_TLV_LENGTH(tlv_hdr);
 
@@ -442,7 +446,11 @@ static void lldp_less(struct pkt_buff *pkt)
 	len = pkt_len(pkt);
 
 	while (len >= sizeof(tlv_hdr)) {
-		tlv_hdr = EXTRACT_16BIT(pkt_pull(pkt, sizeof(tlv_hdr)));
+		uint8_t *data = pkt_pull(pkt, sizeof(tlv_hdr));
+		if (data == NULL)
+			break;
+
+		tlv_hdr = EXTRACT_16BIT(data);
 		tlv_type = LLDP_TLV_TYPE(tlv_hdr);
 		tlv_len = LLDP_TLV_LENGTH(tlv_hdr);
author	Tobias Klauser <tklauser@distanz.ch>	2013-05-12 12:33:53 +0200
committer	Tobias Klauser <tklauser@distanz.ch>	2013-05-12 12:33:53 +0200
commit	10a80a61d67516c0ba4c13a7c07e9ebfa6fab9c5 (patch)
tree	f69e0c17e7170477a01e2f73c3d90483f4e4d46a
parent	21adfd2ba4324bb8575b17ecd76c0f3b3988246e (diff)