Require "(ip|ip6) proto" value to be within range.

diff --git a/CHANGES b/CHANGES
index ab607aa7d8ab825e21fe27ec6e049b26a29372b6..030d9b2be549d78483ae4952168783fbc4660fd1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -59,6 +59,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Fix the "|" and "&" operators of the "byte" primitive.
       Require "byte" argument value to be within range.
       Require "link proto" argument value to be within range.
+      Require "(ip|ip6) proto" value to be within range.
     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from

diff --git a/gencode.c b/gencode.c
index 746a7ec053ae102864eb41fe001bfe427088a27f..48b509b062cde0e6736f59b9dea262761c362d03 100644 (file)
--- a/gencode.c
+++ b/gencode.c
@@ -6423,6 +6423,7 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto)
                return gen_linktype(cstate, v);
 
        case Q_IP:
+               assert_maxval(cstate, "protocol number", v, UINT8_MAX);
                /*
                 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
                 * not LLC encapsulation with LLCSAP_IP.
@@ -6460,6 +6461,7 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto)
                break; // invalid qualifier
 
        case Q_IPV6:
+               assert_maxval(cstate, "protocol number", v, UINT8_MAX);
                b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
                /*
                 * Also check for a fragment header before the final

diff --git a/testprogs/TESTrun b/testprogs/TESTrun
index befd8aaefe55c101c4ffbadc9a226ec301f00261..35eb0cea7c2f3fd0dabdbc884889f890d01245b7 100755 (executable)
--- a/testprogs/TESTrun
+++ b/testprogs/TESTrun
@@ -13829,18 +13829,36 @@ my @reject_tests = (
                expr => 'proto nosuchprotocol',
                errstr => 'unknown ip proto',
        },
+       {
+               name => 'proto_256',
+               DLT => 'RAW',
+               expr => 'proto 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
        {
                name => 'ip_proto_invalid',
                DLT => 'RAW',
                expr => 'ip proto nosuchprotocol',
                errstr => 'unknown ip proto',
        },
+       {
+               name => 'ip_proto_256',
+               DLT => 'RAW',
+               expr => 'ip proto 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
        {
                name => 'ip6_proto_invalid',
                DLT => 'RAW',
                expr => 'ip6 proto nosuchprotocol',
                errstr => 'unknown ip proto',
        },
+       {
+               name => 'ip6_proto_256',
+               DLT => 'RAW',
+               expr => 'ip6 proto 256',
+               errstr => 'protocol number 256 greater than maximum 255',
+       },
        {
                name => 'proto_1_2_3_4',
                DLT => 'RAW',