Require "protochain" value to be within range.

This is wrong:
$ filtertest EN10MB 'ip protochain 0x12345678'
(000) ldh      [12]
(001) jeq      #0x800           jt 2	jf 23
(002) ldb      [23]
(003) ldxb     4*([14]&0xf)
(004) jeq      #0x12345678      jt 20	jf 5
[...]

diff --git a/CHANGES b/CHANGES
index 030d9b2be549d78483ae4952168783fbc4660fd1..a8531345e21cb23416c035b88c996c09d05472e4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -60,6 +60,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Require "byte" argument value to be within range.
       Require "link proto" argument value to be within range.
       Require "(ip|ip6) proto" value to be within range.
+      Require "protochain" value to be within range.
     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from

diff --git a/gencode.c b/gencode.c
index 92b3968211a3d3f745c2d4055c19bc2be1341a2e..0fcd070fab41c7e7814bbfd17e45fc5b0e832f74 100644 (file)
--- a/gencode.c
+++ b/gencode.c
@@ -6000,6 +6000,7 @@ gen_protochain(compiler_state_t *cstate, bpf_u_int32 v, int proto)
        switch (proto) {
        case Q_IP:
        case Q_IPV6:
+               assert_maxval(cstate, "protocol number", v, UINT8_MAX);
                break;
        case Q_DEFAULT:
                b0 = gen_protochain(cstate, v, Q_IP);

diff --git a/testprogs/TESTrun b/testprogs/TESTrun
index 77d926f1b585ce552847a2ee1438b2b79bd2a98e..ad4efffe6596f1484d3986ecbf031e358a6aa749 100755 (executable)
--- a/testprogs/TESTrun
+++ b/testprogs/TESTrun
@@ -14540,6 +14540,27 @@ my @reject_tests = (
                expr => 'ip6 protochain nosuchprotocol',
                errstr => 'unknown ip proto',
        },
+       {
+               name => 'protochain_256',
+               skip => skip_config_def1 ('NO_PROTOCHAIN'),
+               DLT => 'RAW',
+               expr => 'protochain 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
+       {
+               name => 'ip_protochain_256',
+               skip => skip_config_def1 ('NO_PROTOCHAIN'),
+               DLT => 'RAW',
+               expr => 'ip protochain 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
+       {
+               name => 'ip6_protochain_256',
+               skip => skip_config_def1 ('NO_PROTOCHAIN'),
+               DLT => 'RAW',
+               expr => 'ip6 protochain 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
        {
                name => 'proto_invalid',
                DLT => 'RAW',