From 03ffca3544b4d4e6b4db8a84a27935f87ccd1eac Mon Sep 17 00:00:00 2001
From: "Joseph C. Lehner"
Date: Fri, 18 Nov 2016 16:53:21 +0100
Subject: [PATCH] Fix hangs in nmrp code
---
 nmrp.c | 27 +++++----------------------
 1 file changed, 5 insertions(+), 22 deletions(-)
diff --git a/nmrp.c b/nmrp.c
index 0fb583e..7a3bd7d 100644
--- a/nmrp.c
+++ b/nmrp.c
@@ -144,27 +144,6 @@ static void msg_dump(struct nmrp_msg *msg, int dump_opts)
 remain_len = msg->len - NMRP_HDR_LEN;
 fprintf(stderr, "%s\n", remain_len ? "" : " (no opts)");
-
- if (dump_opts) {
- opt = msg->opts;
-
- while (remain_len > 0) {
- len = opt->len;
- fprintf(stderr, " opt type=%u, len=%u", opt->type, len);
- if (len) {
- for (i = 0; i != len - NMRP_OPT_HDR_LEN; ++i) {
- if (!(i % 16)) {
- fprintf(stderr, "\n ");
- }
-
- fprintf(stderr, "%02x ", ((char*)&opt->val)[i] & 0xff);
- }
- fprintf(stderr, "\n");
- }
- remain_len -= len;
- opt = NMRP_OPT_NEXT(opt);
- }
- }
 }
 static void msg_hton(struct nmrp_msg *msg)
@@ -207,7 +186,7 @@ static int msg_ntoh(struct nmrp_msg *msg)
 opt->type = ntohs(opt->type);
 opt->len = ntohs(opt->len);
- if (opt->len > NMRP_MAX_OPT_SIZE) {
+ if (!opt->len || opt->len > NMRP_MAX_OPT_SIZE) {
 break;
 }
@@ -243,6 +222,10 @@ static void *msg_opt_data(struct nmrp_msg *msg, uint16_t type, uint16_t *len)
 return buf;
 }
+ if (!opt->len) {
+ break;
+ }
+
 remaining -= opt->len;
 opt = NMRP_OPT_NEXT(opt);
 }
-- 
2.25.1
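Review bot: The new lower bound in msg_ntoh rejects only a zero length, so an option whose `len` is between 1 and `NMRP_OPT_HDR_LEN - 1` still passes the check. The removed dump loop computed the value size as `len - NMRP_OPT_HDR_LEN`, which suggests `len` includes the option header, so anything shorter than the header is malformed. Since msg_ntoh converts fields out of network byte order, the value is presumably peer-supplied, and the tighter test would be `if (opt->len < NMRP_OPT_HDR_LEN || opt->len > NMRP_MAX_OPT_SIZE) {`. The same bound applies to the `if (!opt->len)` guard added in msg_opt_data. Whether `len` is also compared with the bytes remaining in the message is not visible, because the loop continues outside the hunk.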
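Review bot: In msg_opt_data the zero-length guard sits after the type-match branch that ends in `return buf;`, so an option of the requested type is handled before its length is checked. That branch starts outside the hunk; if it derives the value length from `opt->len`, a matching option with a zero or too-short length reaches that arithmetic first. Moving the check to the top of the loop body, ahead of the type comparison, would cover both paths. It would also help to add a comment such as `/* a zero-length option would never advance: stop instead of spinning */` so the reason for the `break` stays with the code.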