From 3e69db49e3c0b8e59c80782e6bad3b02336a28d2 Mon Sep 17 00:00:00 2001
From: Nathaniel Ferguson <nathaniel@leapfrog.foundation>
Date: Sun, 3 May 2020 03:17:46 -0400
Subject: proto_lldp: fix pointer increment in LLDP_TLV_SYSTEM_CAP case

Fixed a typo wherein a pointer was incremented by sizeof(uint32_t) after
reading sizeof(uint16_t) and before reading another sizeof(uint16_t). In
essence a potential out of bounds memory access (read) due to improper
increment of pointer

Signed-off-by: Nathaniel Ferguson <nathaniel@leapfrog.foundation>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 proto_lldp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proto_lldp.c b/proto_lldp.c
index 1640d19..889169a 100644
--- a/proto_lldp.c
+++ b/proto_lldp.c
@@ -356,7 +356,7 @@ static void lldp(struct pkt_buff *pkt)
 				goto out_invalid;
 
 			sys_cap = EXTRACT_16BIT(tlv_info_str);
-			tlv_info_str += sizeof(uint32_t);
+			tlv_info_str += sizeof(uint16_t);
 			en_cap = EXTRACT_16BIT(tlv_info_str);
 
 			tprintf(" (");
-- 
cgit v1.2.3-54-g00ecf