Require "(iso|isis) proto" values to be within valid ranges.

diff --git a/CHANGES b/CHANGES
index d0def799fa392123e766f4a8b0543c2db59b456e..c05100a52ad1d41288977922c4c90aa0906dafb2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -53,6 +53,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Have "outbound" mean Tx only for DLT_SLIP.
       Filter Linux SocketCAN frames in userland if necessary.
       Enable "[wlan] dir/type/subtype" for DLT_PPI.
+      Require "(iso|isis) proto" values to be within valid ranges.
     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from

diff --git a/gencode.c b/gencode.c
index a2795b65a25278a1330500c41af4e5dbfcbc1e9a..0c565b2d4d1c285d494bc785c735127172c99ada 100644 (file)
--- a/gencode.c
+++ b/gencode.c
@@ -254,6 +254,12 @@ struct addrinfo {
 #define ISIS_L2_CSNP         25
 #define ISIS_L1_PSNP         26
 #define ISIS_L2_PSNP         27
+/*
+ * The maximum possible value can also be used as a bit mask because the
+ * "PDU Type" field comprises the least significant 5 bits of a particular
+ * octet, see sections 9.5~9.13 of ISO/IEC 10589:2002(E).
+ */
+#define ISIS_PDU_TYPE_MAX 0x1FU
 
 #ifndef ISO8878A_CONS
 #define        ISO8878A_CONS           0x84
@@ -6541,6 +6547,7 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto)
                break; // invalid qualifier
 
        case Q_ISO:
+               assert_maxval(cstate, "ISO protocol", v, UINT8_MAX);
                switch (cstate->linktype) {
 
                case DLT_FRELAY:
@@ -6588,6 +6595,7 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto)
                break; // invalid qualifier
 
        case Q_ISIS:
+               assert_maxval(cstate, "IS-IS PDU type", v, ISIS_PDU_TYPE_MAX);
                b0 = gen_proto(cstate, ISO10589_ISIS, Q_ISO);
                /*
                 * 4 is the offset of the PDU type relative to the IS-IS

diff --git a/testprogs/TESTrun b/testprogs/TESTrun
index 7fa96fedd93b92e7e9702e7dbc2723b381d3260d..2ebe0156c8239b53a5b5cea57b793d6e8b1fbb4e 100755 (executable)
--- a/testprogs/TESTrun
+++ b/testprogs/TESTrun
@@ -12312,6 +12312,18 @@ my @reject_tests = (
                expr => 'action invalid',
                errstr => 'unknown PF action "invalid"',
        },
+       {
+               name => 'iso_proto_256',
+               DLT => 'EN10MB',
+               expr => 'iso proto 256',
+               errstr => 'ISO protocol 256 greater than maximum 255',
+       },
+       {
+               name => 'isis_proto_32',
+               DLT => 'EN10MB',
+               expr => 'isis proto 32',
+               errstr => 'IS-IS PDU type 32 greater than maximum 31',
+       },
 );
 
 push @reject_tests, {