proto_lldp: fix pointer increment in LLDP_TLV_SYSTEM_CAP case

Fixed a typo wherein a pointer was incremented by sizeof(uint32_t) after reading sizeof(uint16_t) and before reading another sizeof(uint16_t). In essence a potential out of bounds memory access (read) due to improper increment of pointer Signed-off-by: Nathaniel Ferguson <[email protected]> Signed-off-by: Tobias Klauser <[email protected]>
netsniff-ng · May 4, 2020 · 3e69db4 · 3e69db4
1 parent a8c3c53
commit 3e69db4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/proto_lldp.c b/proto_lldp.c
@@ -356,7 +356,7 @@ static void lldp(struct pkt_buff *pkt)
  goto out_invalid;
 
  sys_cap = EXTRACT_16BIT(tlv_info_str);
- tlv_info_str += sizeof(uint32_t);
+ tlv_info_str += sizeof(uint16_t);
  en_cap = EXTRACT_16BIT(tlv_info_str);
 
  tprintf(" (");