CVE-2017-13002/AODV: Add some missing bounds checks.
[tcpdump] / print-ip.c
index 69e621d28792a016ac3caad7162d311aa5152fda..ccf61a3fcbac3224023c987d77319f5cecf4cf21 100644 (file)
@@ -324,12 +324,16 @@ static void
 ip_print_demux(netdissect_options *ndo,
               struct ip_print_demux_state *ipds)
 {
-       struct protoent *proto;
+       const char *p_name;
 
 again:
        switch (ipds->nh) {
 
        case IPPROTO_AH:
+               if (!ND_TTEST(*ipds->cp)) {
+                       ND_PRINT((ndo, "[|AH]"));
+                       break;
+               }
                ipds->nh = *ipds->cp;
                ipds->advance = ah_print(ndo, ipds->cp);
                if (ipds->advance <= 0)
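Review bot: The `ND_TTEST(*ipds->cp)` guard added to the `IPPROTO_AH` case has no comment, and it is not obvious why the check sits in the demux rather than in `ah_print()`. The reason is visible two lines later: `ipds->nh = *ipds->cp` reads the first AH byte before `ah_print()` is called, so any bounds checking inside that function comes too late for this read. I would add `/* nh is read from the first AH byte here, before ah_print() runs, so make sure that byte was captured */` above the `if`. The case body continues past the end of the hunk.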
@@ -354,14 +358,14 @@ again:
 
        case IPPROTO_IPCOMP:
        {
-               int enh;
-               ipds->advance = ipcomp_print(ndo, ipds->cp, &enh);
-               if (ipds->advance <= 0)
-                       break;
-               ipds->cp += ipds->advance;
-               ipds->len -= ipds->advance;
-               ipds->nh = enh & 0xff;
-               goto again;
+               ipcomp_print(ndo, ipds->cp);
+               /*
+                * Either this has decompressed the payload and
+                * printed it, in which case there's nothing more
+                * to do, or it hasn't, in which case there's
+                * nothing more to do.
+                */
+               break;
        }
 
        case IPPROTO_SCTP:
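Review bot: The braces around the `IPPROTO_IPCOMP` case are left over from the removed `int enh;` declaration and now enclose only a call, a comment and a `break`; dropping them would match the `IPPROTO_AH` case above. The new comment says "nothing more to do" twice without saying why the `goto again` path was removed. Something like `/* the demux never continues into an IPComp payload, whether or not ipcomp_print() could decode it */` states the decision directly. The declaration of `ipcomp_print()` is not visible here, so if it still returns a value, the ignored result deserves a word as well.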
@@ -480,8 +484,8 @@ again:
                break;
 
        default:
-               if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL)
-                       ND_PRINT((ndo, " %s", proto->p_name));
+               if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
+                       ND_PRINT((ndo, " %s", p_name));
                else
                        ND_PRINT((ndo, " ip-proto-%d", ipds->nh));
                ND_PRINT((ndo, " %d", ipds->len));
@@ -522,17 +526,18 @@ ip_print(netdissect_options *ndo,
        u_int hlen;
        struct cksum_vec vec[1];
        uint16_t sum, ip_sum;
-       struct protoent *proto;
+       const char *p_name;
 
        ipds->ip = (const struct ip *)bp;
        ND_TCHECK(ipds->ip->ip_vhl);
-       if (IP_V(ipds->ip) != 4) { /* print version if != 4 */
+       if (IP_V(ipds->ip) != 4) { /* print version and fail if != 4 */
            if (IP_V(ipds->ip) == 6)
              ND_PRINT((ndo, "IP6, wrong link-layer encapsulation "));
            else
              ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip)));
+           return;
        }
-       else if (!ndo->ndo_eflag)
+       if (!ndo->ndo_eflag)
                ND_PRINT((ndo, "IP "));
 
        ND_TCHECK(*ipds->ip);
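Review bot: The new early `return` in the `IP_V(ipds->ip) != 4` branch is the security-relevant part of this hunk, but the trailing comment `/* print version and fail if != 4 */` only restates the code. Before this change a non-IPv4 header fell through and was dissected using the `struct ip` layout; the comment should say so, e.g. `/* not IPv4: the remaining bytes cannot be interpreted as a struct ip, so stop after reporting the version */`. The output on this path is just `IP%u ` with a trailing space, so a reader of the capture gets no explicit sign that dissection stopped. Whether to add one depends on the project's expected-output tests, which are not shown here.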
@@ -666,8 +671,8 @@ ip_print(netdissect_options *ndo,
                 */
                ND_PRINT((ndo, "%s > %s:", ipaddr_string(ndo, &ipds->ip->ip_src),
                          ipaddr_string(ndo, &ipds->ip->ip_dst)));
-               if (!ndo->ndo_nflag && (proto = getprotobynumber(ipds->ip->ip_p)) != NULL)
-                       ND_PRINT((ndo, " %s", proto->p_name));
+               if (!ndo->ndo_nflag && (p_name = netdb_protoname(ipds->ip->ip_p)) != NULL)
+                       ND_PRINT((ndo, " %s", p_name));
                else
                        ND_PRINT((ndo, " ip-proto-%d", ipds->ip->ip_p));
        }
@@ -681,24 +686,28 @@ trunc:
 void
 ipN_print(netdissect_options *ndo, register const u_char *bp, register u_int length)
 {
-       struct ip hdr;
-
-       if (length < 4) {
+       if (length < 1) {
                ND_PRINT((ndo, "truncated-ip %d", length));
                return;
        }
-       memcpy (&hdr, bp, 4);
-       switch (IP_V(&hdr)) {
-       case 4:
+
+       ND_TCHECK(*bp);
+       switch (*bp & 0xF0) {
+       case 0x40:
                ip_print (ndo, bp, length);
-               return;
-       case 6:
+               break;
+       case 0x60:
                ip6_print (ndo, bp, length);
-               return;
+               break;
        default:
-               ND_PRINT((ndo, "unknown ip %d", IP_V(&hdr)));
-               return;
+               ND_PRINT((ndo, "unknown ip %d", (*bp & 0xF0) >> 4));
+               break;
        }
+       return;
+
+trunc:
+       ND_PRINT((ndo, "%s", tstr));
+       return;
 }
 
 /*
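Review bot: In `ipN_print`, `length` is declared `u_int` but the truncation message still formats it with `%d`; this should be `ND_PRINT((ndo, "truncated-ip %u", length));`. With the new `length < 1` test the value can only be 0 on that path, so this is about format correctness rather than wrong output. The switch on `*bp & 0xF0` with `case 0x40` / `case 0x60` would read more directly as `switch (*bp >> 4)` with `case 4` / `case 6`, which also lets the default branch print the same expression it switched on. The `return;` immediately before `trunc:` is needed to skip the label, but the one after the `tstr` print is redundant in a `void` function.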