Fix hangs in nmrp code

diff --git a/nmrp.c b/nmrp.c
index 0fb583ed2428ca97cd7df91799fe0efb47089bfe..7a3bd7d2c289fea7b6dc25075048a818a2ae3f31 100644 (file)
--- a/nmrp.c
+++ b/nmrp.c
@@ -144,27 +144,6 @@ static void msg_dump(struct nmrp_msg *msg, int dump_opts)
 
        remain_len = msg->len - NMRP_HDR_LEN;
        fprintf(stderr, "%s\n", remain_len ? "" : " (no opts)");
-
-       if (dump_opts) {
-               opt = msg->opts;
-
-               while (remain_len > 0) {
-                       len = opt->len;
-                       fprintf(stderr, "  opt type=%u, len=%u", opt->type, len);
-                       if (len) {
-                               for (i = 0; i != len - NMRP_OPT_HDR_LEN; ++i) {
-                                       if (!(i % 16)) {
-                                               fprintf(stderr, "\n  ");
-                                       }
-
-                                       fprintf(stderr, "%02x ", ((char*)&opt->val)[i] & 0xff);
-                               }
-                               fprintf(stderr, "\n");
-                       }
-                       remain_len -= len;
-                       opt = NMRP_OPT_NEXT(opt);
-               }
-       }
 }
 
 static void msg_hton(struct nmrp_msg *msg)
@@ -207,7 +186,7 @@ static int msg_ntoh(struct nmrp_msg *msg)
                        opt->type = ntohs(opt->type);
                        opt->len = ntohs(opt->len);
 
-                       if (opt->len > NMRP_MAX_OPT_SIZE) {
+                       if (!opt->len || opt->len > NMRP_MAX_OPT_SIZE) {
                                break;
                        }
 
@@ -243,6 +222,10 @@ static void *msg_opt_data(struct nmrp_msg *msg, uint16_t type, uint16_t *len)
                        return buf;
                }
 
+               if (!opt->len) {
+                       break;
+               }
+
                remaining -= opt->len;
                opt = NMRP_OPT_NEXT(opt);
        }