#include "addrtoname.h"
#include "extract.h"
+#include "diag-control.h"
+
#include "tcp.h"
#include "ip.h"
uint16_t magic;
int rev;
const struct ip6_hdr *ip6;
+ u_int header_len; /* Header length in bytes */
ndo->ndo_protocol = "tcp";
tp = (const struct tcphdr *)bp;
break;
case TCPOPT_MPTCP:
+ {
+ const u_char *snapend_save;
+ int ret;
+
datalen = len - 2;
LENCHECK(datalen);
/* FIXME: Proof-read mptcp_print() and if it
* only do ND_TCHECK_LEN() if it returned 0.
*/
ND_TCHECK_LEN(cp, datalen);
- if (!mptcp_print(ndo, cp-2, len, flags))
+ /* Update the snapend to the end of the option
+ * before calling mptcp_print(). Some options
+ * (MPTCP or others) may be present after a
+ * MPTCP option. This prevents that, in
+ * mptcp_print(), the remaining length < the
+ * remaining caplen.
+ */
+ snapend_save = ndo->ndo_snapend;
+ ndo->ndo_snapend = ND_MIN(cp - 2 + len,
+ ndo->ndo_snapend);
+ ret = mptcp_print(ndo, cp - 2, len, flags);
+ ndo->ndo_snapend = snapend_save;
+ if (!ret)
goto bad;
break;
+ }
case TCPOPT_FASTOPEN:
datalen = len - 2;
/*
* Decode payload if necessary.
*/
- bp += TH_OFF(tp) * 4;
+ header_len = TH_OFF(tp) * 4;
+ /*
+ * Do a bounds check before decoding the payload.
+ * At least the header data is required.
+ */
+ if (!ND_TTEST_LEN(bp, header_len)) {
+ ND_PRINT(" [remaining caplen(%u) < header length(%u)]",
+ ND_BYTES_AVAILABLE_AFTER(bp), header_len);
+ nd_trunc_longjmp(ndo);
+ }
+ bp += header_len;
if ((flags & TH_RST) && ndo->ndo_vflag) {
print_tcp_rst_data(ndo, bp, length);
return;
}
#ifdef HAVE_LIBCRYPTO
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static int
tcp_verify_signature(netdissect_options *ndo,
const struct ip *ip, const struct tcphdr *tp,
else
return (SIGNATURE_INVALID);
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
#endif /* HAVE_LIBCRYPTO */
projects / tcpdump / blobdiff