diff options
| author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2020-01-18 17:32:36 +0100 |
|---|---|---|
| committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2020-01-18 19:30:38 +0100 |
| commit | 521ac1db3f6ba4654aa94227d9c146ab55c7d84f (patch) | |
| tree | d84a7a088bf483d2e06fe1a56214ca584fa6e4a5 /print-ldp.c | |
| parent | 840c934e3e2dd1793e469d426abf6bf4afd0069b (diff) | |
| download | tcpdump-521ac1db3f6ba4654aa94227d9c146ab55c7d84f.tar.gz | |
LDP: Add some missing bounds checks
Replace calls to ipaddr_string()/ip6addr_string() with calls to
GET_IPADDR_STRING()/GET_IP6ADDR_STRING() macros performing bounds
checking.
Fix a regression in 78a4ee82226a3fe19981841dfe24d5e9cb437524.
This fixes a buffer over-read in ldp_tlv_print() discovered by
Jason Xiaole.
Add a test using the capture file supplied by the reporter updated
to keep only the packet showing the buffer over-read.
Diffstat (limited to 'print-ldp.c')
| -rw-r--r-- | print-ldp.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/print-ldp.c b/print-ldp.c index b747fe7d..b05a1218 100644 --- a/print-ldp.c +++ b/print-ldp.c @@ -288,11 +288,11 @@ ldp_tlv_print(netdissect_options *ndo, case LDP_TLV_IPV4_TRANSPORT_ADDR: TLV_TCHECK(4); - ND_PRINT("\n\t IPv4 Transport Address: %s", ipaddr_string(ndo, tptr)); + ND_PRINT("\n\t IPv4 Transport Address: %s", GET_IPADDR_STRING(tptr)); break; case LDP_TLV_IPV6_TRANSPORT_ADDR: TLV_TCHECK(16); - ND_PRINT("\n\t IPv6 Transport Address: %s", ip6addr_string(ndo, tptr)); + ND_PRINT("\n\t IPv6 Transport Address: %s", GET_IP6ADDR_STRING(tptr)); break; case LDP_TLV_CONFIG_SEQ_NUMBER: TLV_TCHECK(4); @@ -310,7 +310,7 @@ ldp_tlv_print(netdissect_options *ndo, case AFNUM_INET: while(tlv_tlen >= sizeof(nd_ipv4)) { ND_TCHECK_LEN(tptr, sizeof(nd_ipv4)); - ND_PRINT(" %s", ipaddr_string(ndo, tptr)); + ND_PRINT(" %s", GET_IPADDR_STRING(tptr)); tlv_tlen-=sizeof(nd_ipv4); tptr+=sizeof(nd_ipv4); } @@ -318,7 +318,7 @@ ldp_tlv_print(netdissect_options *ndo, case AFNUM_INET6: while(tlv_tlen >= sizeof(nd_ipv6)) { ND_TCHECK_LEN(tptr, sizeof(nd_ipv6)); - ND_PRINT(" %s", ip6addr_string(ndo, tptr)); + ND_PRINT(" %s", GET_IP6ADDR_STRING(tptr)); tlv_tlen-=sizeof(nd_ipv6); tptr+=sizeof(nd_ipv6); } @@ -606,7 +606,7 @@ ldp_pdu_print(netdissect_options *ndo, /* print the LSR-ID, label-space & length */ ND_PRINT("%sLDP, Label-Space-ID: %s:%u, pdu-length: %u", (ndo->ndo_vflag < 1) ? "" : "\n\t", - ipaddr_string(ndo, ldp_com_header->lsr_id), + GET_IPADDR_STRING(ldp_com_header->lsr_id), GET_BE_U_2(ldp_com_header->label_space), pdu_len); |