From 505336e8b146b3f85ece8690f3a434f6a97dfe1f Mon Sep 17 00:00:00 2001
From: mtu <maxence.tury@ssi.gouv.fr>
Date: Wed, 15 Feb 2017 16:34:05 +0100
Subject: [PATCH] Fix bugs found with python-afl

---
 scapy/asn1/ber.py     | 4 +++-
 scapy/layers/inet6.py | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py
index b23184d6..3a51187b 100644
--- a/scapy/asn1/ber.py
+++ b/scapy/asn1/ber.py
@@ -90,6 +90,8 @@ def BER_num_enc(l, size=1):
             size -= 1
         return "".join([chr(k) for k in x])
 def BER_num_dec(s, cls_id=0):
+        if len(s) == 0:
+            raise BER_Decoding_Error("BER_num_dec: got empty string", remaining=s)
         x = cls_id
         for i, c in enumerate(s):
             c = ord(c)
@@ -445,7 +447,7 @@ class BERcodec_IPADDRESS(BERcodec_STRING):
         try:
             ipaddr_ascii = inet_ntoa(s)
         except Exception:
-            raise BER_Decoding_Error("IP address could not be decoded", decoded=obj)
+            raise BER_Decoding_Error("IP address could not be decoded", remaining=s)
         return cls.asn1_object(ipaddr_ascii), t
 
 class BERcodec_COUNTER32(BERcodec_INTEGER):
diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py
index 4fa93147..bbfc1c8d 100644
--- a/scapy/layers/inet6.py
+++ b/scapy/layers/inet6.py
@@ -366,7 +366,7 @@ class _IPv6GuessPayload:
     def default_payload_class(self,p):
         if self.nh == 58: # ICMPv6
             t = ord(p[0])
-            if len(p) > 2 and t == 139 or t == 140: # Node Info Query 
+            if len(p) > 2 and (t == 139 or t == 140): # Node Info Query
                 return _niquery_guesser(p)
             if len(p) >= icmp6typesminhdrlen.get(t, sys.maxint): # Other ICMPv6 messages
                 return get_cls(icmp6typescls.get(t,"Raw"), "Raw")
-- 
GitLab