BUG/MINOR: net_helper: fix incomplete decoding in sample_conv_eth_vlan

sample_conv_eth_vlan() reads the VLAN TCI at area[idx + 2] without
ensuring there are enough bytes. The original condition 'idx + 4 < data'
breaks when there IS room for more data, leading to an incomplete read
when trying to decode a VLAN ID.

This can be backported where this converter was backported.

diff --git a/src/net_helper.c b/src/net_helper.c
index 6b46bfe5e8ca221b5e3e8ee5e04461fe1c582e9c..e71abd9b0cae0f4f872c92f68aa53ef7c931a849 100644 (file)
--- a/src/net_helper.c
+++ b/src/net_helper.c
@@ -110,9 +110,8 @@ static int sample_conv_eth_vlan(const struct arg *arg_p, struct sample *smp, voi
                        smp->flags &= ~SMP_F_CONST;
                        return !!vlan;
                }
-               if (idx + 4 < smp->data.u.str.data)
+               if (idx + 4 > smp->data.u.str.data)
                        break;
-
                vlan = read_n16(smp->data.u.str.area + idx + 2) & 0xfff;
        }
        /* incomplete header */