author | Denis Ovsienko <denis@ovsienko.info> | 2015-09-05 21:17:30 +0100 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2015-09-19 20:32:27 +0100 |
commit | 1f1771153757b79382d035b61d4c2c52ef4c9fb2 (patch) | |
tree | 5823888fbfe26659165a61c65d1aef2523ba3aee /print-dtp.c | |
parent | de7c6192e47b605a48b6fc37adf8de31a1b331a3 (diff) | |
DTP: improve packet integrity checks
Adjust the TLV infinite loop check to require the right amount of bytes
for T and L; do it after printing the TLV header so it is easier to
understand what was wrong. Check if the TLV V is within the capture. Use
the new "invalid" exit label to indicate a packet anomaly and add more
checks for the length value into the type-specific case blocks. Print
the domain string with fn_printzp().
Diffstat (limited to 'print-dtp.c')
-rw-r--r-- | print-dtp.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/print-dtp.c b/print-dtp.c index 3381ad80..4170cc7a 100644 --- a/print-dtp.c +++ b/print-dtp.c @@ -27,6 +27,9 @@ #include "addrtoname.h" #include "extract.h" +static const char tstr[] = " [|dtp]"; +static const char istr[] = " (invalid)"; + #define DTP_HEADER_LEN 1 #define DTP_DOMAIN_TLV 0x0001 #define DTP_STATUS_TLV 0x0002 @@ -70,30 +73,36 @@ dtp_print (netdissect_options *ndo, const u_char *pptr, u_int length) while (tptr < (pptr+length)) { ND_TCHECK2(*tptr, 4); - type = EXTRACT_16BITS(tptr); len = EXTRACT_16BITS(tptr+2); - - /* infinite loop check */ - if (type == 0 || len == 0) { + /* XXX: should not be but sometimes it is, see the test captures */ + if (type == 0) return; - } - ND_PRINT((ndo, "\n\t%s (0x%04x) TLV, length %u", tok2str(dtp_tlv_values, "Unknown", type), type, len)); + /* infinite loop check */ + if (len < 4) + goto invalid; + ND_TCHECK2(*tptr, len); + switch (type) { case DTP_DOMAIN_TLV: - ND_PRINT((ndo, ", %s", tptr+4)); + ND_PRINT((ndo, ", ")); + fn_printzp(ndo, tptr+4, len-4, pptr+length); break; case DTP_STATUS_TLV: case DTP_DTP_TYPE_TLV: + if (len < 5) + goto invalid; ND_PRINT((ndo, ", 0x%x", *(tptr+4))); break; case DTP_NEIGHBOR_TLV: + if (len < 10) + goto invalid; ND_PRINT((ndo, ", %s", etheraddr_string(ndo, tptr+4))); break; @@ -105,8 +114,11 @@ dtp_print (netdissect_options *ndo, const u_char *pptr, u_int length) return; + invalid: + ND_PRINT((ndo, "%s", istr)); + return; trunc: - ND_PRINT((ndo, "[|dtp]")); + ND_PRINT((ndo, "%s", tstr)); } /* |
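Review bot: In the dtp_print loop hunk, the new guard `if (len < 4) goto invalid;` followed by `ND_TCHECK2(*tptr, len);` bounds the TLV against the captured bytes but not against the end of the DTP payload, `pptr+length`. A TLV whose length field runs past `pptr+length` while still inside the capture would have its value bytes (the status byte and the neighbour address, both at `tptr+4`) taken from whatever data follows the DTP message. Extending the guard to `if (len < 4 || len > (u_int)(pptr + length - tptr)) goto invalid;` would report such a packet as invalid before the switch; the subtraction cannot be negative because of the loop condition `tptr < (pptr+length)`. dtp_print starts before this hunk and the loop continues past its last line, so how `tptr` is advanced is not visible here.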