Fix crash in msg_dump if opt->len == 0

diff --git a/nmrp.c b/nmrp.c
index 20662fccc1bf15bd0854d1bd202f02f156332426..ab1e071eb2c7cae5e2bafc8d8fd0199e27692399 100644 (file)
--- a/nmrp.c
+++ b/nmrp.c
@@ -142,14 +142,16 @@ static void msg_dump(struct nmrp_msg *msg, int dump_opts)
                while (remain_len > 0) {
                        len = opt->len;
                        fprintf(stderr, "  opt type=%u, len=%u", opt->type, len);
-                       for (i = 0; i != len - NMRP_OPT_HDR_LEN; ++i) {
-                               if (!(i % 16)) {
-                                       fprintf(stderr, "\n  ");
-                               }
+                       if (len) {
+                               for (i = 0; i != len - NMRP_OPT_HDR_LEN; ++i) {
+                                       if (!(i % 16)) {
+                                               fprintf(stderr, "\n  ");
+                                       }
 
-                               fprintf(stderr, "%02x ", ((char*)&opt->val)[i] & 0xff);
+                                       fprintf(stderr, "%02x ", ((char*)&opt->val)[i] & 0xff);
+                               }
+                               fprintf(stderr, "\n");
                        }
-                       fprintf(stderr, "\n");
                        remain_len -= len;
                        opt = (struct nmrp_opt*)(((char*)opt) + len);
                }