Use more the EXTRACT_U_1() macro (40/n)

[tcpdump] / print-zeromq.c

diff --git a/print-zeromq.c b/print-zeromq.c
index 92917ed414897a49fc5f0727eea78c5dc6130fb8..8d34fc6aa1dddad748ba40503a06d3f3e5d8d89c 100644 (file)
--- a/print-zeromq.c
+++ b/print-zeromq.c
@@ -1,7 +1,4 @@
 /*
 /*

- * This file implements decoding of ZeroMQ network protocol(s).
- *
- *

  * Copyright (c) 2013 The TCPDUMP project
  * All rights reserved.
  *
  * Copyright (c) 2013 The TCPDUMP project
  * All rights reserved.
  *


@@ -28,6 +25,8 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
  * POSSIBILITY OF SUCH DAMAGE.
  */
 

+/* \summary: ZeroMQ Message Transport Protocol (ZMTP) printer */
+

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif


@@ -81,17 +80,17 @@ zmtp1_print_frame(netdissect_options *ndo, const u_char *cp, const u_char *ep)
        uint8_t flags;
 
        ND_PRINT((ndo, "\n\t"));
        uint8_t flags;
 
        ND_PRINT((ndo, "\n\t"));

-       ND_TCHECK2(*cp, 1); /* length/0xFF */
+       ND_TCHECK_1(cp); /* length/0xFF */

 
        if (cp[0] != 0xFF) {
                header_len = 1; /* length */
                body_len_declared = cp[0];
 
        if (cp[0] != 0xFF) {
                header_len = 1; /* length */
                body_len_declared = cp[0];

-               ND_PRINT((ndo, " frame flags+body  (8-bit) length %" PRIu64 "u", body_len_declared));
+               ND_PRINT((ndo, " frame flags+body  (8-bit) length %" PRIu64, body_len_declared));

        } else {
                header_len = 1 + 8; /* 0xFF, length */
                ND_PRINT((ndo, " frame flags+body (64-bit) length"));
                ND_TCHECK2(*cp, header_len); /* 0xFF, length */
        } else {
                header_len = 1 + 8; /* 0xFF, length */
                ND_PRINT((ndo, " frame flags+body (64-bit) length"));
                ND_TCHECK2(*cp, header_len); /* 0xFF, length */

-               body_len_declared = EXTRACT_64BITS(cp + 1);
+               body_len_declared = EXTRACT_BE_U_8(cp + 1);

                ND_PRINT((ndo, " %" PRIu64, body_len_declared));
        }
        if (body_len_declared == 0)
                ND_PRINT((ndo, " %" PRIu64, body_len_declared));
        }
        if (body_len_declared == 0)


@@ -126,8 +125,15 @@ zmtp1_print_frame(netdissect_options *ndo, const u_char *cp, const u_char *ep)
                }
        }
 
                }
        }
 

-       ND_TCHECK2(*cp, header_len + body_len_declared); /* Next frame within the buffer ? */
-       return cp + header_len + body_len_declared;
+       /*
+        * Do not advance cp by the sum of header_len and body_len_declared
+        * before each offset has successfully passed ND_TCHECK2() as the
+        * sum can roll over (9 + 0xfffffffffffffff7 = 0) and cause an
+        * infinite loop.
+        */
+       cp += header_len;
+       ND_TCHECK2(*cp, body_len_declared); /* Next frame within the buffer ? */
+       return cp + body_len_declared;

 
 trunc:
        ND_PRINT((ndo, "%s", tstr));
 
 trunc:
        ND_PRINT((ndo, "%s", tstr));


@@ -166,8 +172,8 @@ zmtp1_print_intermediate_part(netdissect_options *ndo, const u_char *cp, const u
        u_int frame_offset;
        uint64_t remaining_len;
 
        u_int frame_offset;
        uint64_t remaining_len;
 

-       ND_TCHECK2(*cp, 2);
-       frame_offset = EXTRACT_16BITS(cp);
+       ND_TCHECK_2(cp);
+       frame_offset = EXTRACT_BE_U_2(cp);

        ND_PRINT((ndo, "\n\t frame offset 0x%04x", frame_offset));
        cp += 2;
        remaining_len = ndo->ndo_snapend - cp; /* without the frame length */
        ND_PRINT((ndo, "\n\t frame offset 0x%04x", frame_offset));
        cp += 2;
        remaining_len = ndo->ndo_snapend - cp; /* without the frame length */


@@ -204,7 +210,7 @@ trunc:
 }
 
 void
 }
 
 void

-zmtp1_print_datagram(netdissect_options *ndo, const u_char *cp, const u_int len)
+zmtp1_datagram_print(netdissect_options *ndo, const u_char *cp, const u_int len)

 {
        const u_char *ep = min(ndo->ndo_snapend, cp + len);
 
 {
        const u_char *ep = min(ndo->ndo_snapend, cp + len);