add boundary, infinite loop checks

[tcpdump] / print-esp.c

diff --git a/print-esp.c b/print-esp.c
index 96e97c873bdb84e5dbf90d8bf5793adf5fb26cde..260fe8710e898bffb805d7fe2a145bb4178efd82 100644 (file)
--- a/print-esp.c
+++ b/print-esp.c
@@ -23,7 +23,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-esp.c,v 1.50 2004-04-05 00:15:51 mcr Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-esp.c,v 1.56 2005-04-21 06:44:40 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -50,10 +50,6 @@ static const char rcsid[] _U_ =
 #include "ip6.h"
 #endif
 
-#if defined(__MINGW32__) || defined(__WATCOMC__)
-extern char *strsep(char **stringp, const char *delim); /* Missing/strsep.c */
-#endif
-
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
@@ -79,7 +75,7 @@ struct sa_list {
        const EVP_CIPHER *evp;
        int             ivlen;
        int             authlen;
-       char            secret[256];  /* is that big enough for all secrets? */
+       u_char          secret[256];  /* is that big enough for all secrets? */
        int             secretlen;
 };
 
@@ -104,7 +100,7 @@ static void esp_print_addsa(netdissect_options *ndo,
 }
 
 
-static int hexdigit(netdissect_options *ndo, char hex)
+static u_int hexdigit(netdissect_options *ndo, char hex)
 {
        if (hex >= '0' && hex <= '9')
                return (hex - '0');
@@ -118,9 +114,9 @@ static int hexdigit(netdissect_options *ndo, char hex)
        }
 }
 
-static int hex2byte(netdissect_options *ndo, char *hexstring)
+static u_int hex2byte(netdissect_options *ndo, char *hexstring)
 {
-       int byte;
+       u_int byte;
 
        byte = (hexdigit(ndo, hexstring[0]) << 4) + hexdigit(ndo, hexstring[1]);
        return byte;
@@ -223,7 +219,7 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line)
 
        if (decode) {
                char *colon, *p;
-               char  espsecret_key[256];
+               u_char espsecret_key[256];
                int len;
                size_t i;
                const EVP_CIPHER *evp;
@@ -330,7 +326,7 @@ static void esp_init(netdissect_options *ndo _U_)
 
 int
 esp_print(netdissect_options *ndo,
-         const u_char *bp, const u_char *bp2
+         const u_char *bp, const int length, const u_char *bp2
 #ifndef HAVE_LIBCRYPTO
        _U_
 #endif
@@ -357,7 +353,7 @@ esp_print(netdissect_options *ndo,
 #endif
        int advance;
        int len;
-       char *secret;
+       u_char *secret;
        int ivlen = 0;
        u_char *ivoff;
        u_char *p;
@@ -392,6 +388,7 @@ esp_print(netdissect_options *ndo,
        }
        (*ndo->ndo_printf)(ndo, "ESP(spi=0x%08x", EXTRACT_32BITS(&esp->esp_spi));
        (*ndo->ndo_printf)(ndo, ",seq=0x%x)", EXTRACT_32BITS(&esp->esp_seq));
+        (*ndo->ndo_printf)(ndo, ", length %u", length);
 
 #ifndef HAVE_LIBCRYPTO
        goto fail;
@@ -472,6 +469,7 @@ esp_print(netdissect_options *ndo,
        ivlen = sa->ivlen;
        secret = sa->secret;
        espsecret_keylen = sa->secretlen;
+       ep = ep - sa->authlen;
 
        if (sa->evp) {
                memset(&ctx, 0, sizeof(ctx));
@@ -487,7 +485,6 @@ esp_print(netdissect_options *ndo,
        } else
                advance = sizeof(struct newesp);
 
-       ep = ep - sa->authlen;
        /* sanity check for pad length */
        if (ep - bp < *(ep - 2))
                goto fail;