NTP: Use tstr for truncation indicator.
index 6024c640bfba3eb64d37d3c942337ad0b281c37d..8dad2eaa4b1fb1053855776b99e688aa36d56356 100644 (file)
@@ -21,6 +21,8 @@
  * OSPF support contributed by Jeffrey Honig ([email protected])
  */
 
+/* \summary: Open Shortest Path First (OSPF) printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -64,7 +66,6 @@ static const struct tok ospf_rla_flag_values[] = {
 };
 
 static const struct tok type2str[] = {
-       { OSPF_TYPE_UMD,        "UMD" },
        { OSPF_TYPE_HELLO,      "Hello" },
        { OSPF_TYPE_DD,         "Database Description" },
        { OSPF_TYPE_LS_REQ,     "LS-Request" },
@@ -313,6 +314,10 @@ ospf_print_te_lsa(netdissect_options *ndo,
                 tptr+=4;
                 tlv_length-=4;
 
+               /* Infinite loop protection */
+               if (subtlv_type == 0 || subtlv_length == 0)
+                   goto invalid;
+
                 ND_PRINT((ndo, "\n\t      %s subTLV (%u), length: %u",
                        tok2str(lsa_opaque_te_link_tlv_subtlv_values,"unknown",subtlv_type),
                        subtlv_type,
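Review bot: Nothing in this hunk compares `subtlv_length` with the `tlv_length` that remains after `tlv_length-=4`, so a subTLV that claims to run past its enclosing TLV is still decoded as long as the bytes were captured; the `ND_TCHECK2` in the next hunk bounds it only by the capture. If the loop later subtracts the padded `subtlv_length` from `tlv_length` (that code is outside the visible hunks), the subtraction could wrap, and a guard such as `if (subtlv_length > tlv_length) goto invalid;` right after the zero check would rule that out. The zero check also runs before the subTLV header is printed, so the output shows the invalid marker without the offending type and length; printing them first would make malformed captures easier to triage. The body of ospf_print_te_lsa starts and ends outside this hunk.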
@@ -321,10 +326,18 @@ ospf_print_te_lsa(netdissect_options *ndo,
                 ND_TCHECK2(*tptr, subtlv_length);
                 switch(subtlv_type) {
                 case LS_OPAQUE_TE_LINK_SUBTLV_ADMIN_GROUP:
+                   if (subtlv_length != 4) {
+                       ND_PRINT((ndo, " != 4"));
+                       goto invalid;
+                   }
                     ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr)));
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_LINK_ID:
                 case LS_OPAQUE_TE_LINK_SUBTLV_LINK_LOCAL_REMOTE_ID:
+                   if (subtlv_length != 4 && subtlv_length != 8) {
+                       ND_PRINT((ndo, " != 4 && != 8"));
+                       goto invalid;
+                   }
                     ND_PRINT((ndo, ", %s (0x%08x)",
                            ipaddr_string(ndo, tptr),
                            EXTRACT_32BITS(tptr)));
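Review bot: The shared check for `LS_OPAQUE_TE_LINK_SUBTLV_LINK_ID` and `LS_OPAQUE_TE_LINK_SUBTLV_LINK_LOCAL_REMOTE_ID` accepts a length of 4 or 8 for both types, although RFC 3630 defines Link ID as 4 octets and RFC 4203 defines Link Local/Remote Identifiers as 8 octets. Splitting the two case labels so each enforces its own length would reject a Link ID of 8 and a Local/Remote ID of 4. If the relaxed check is deliberate, a comment such as `/* 4: Link ID (RFC 3630), 8: Link Local/Remote Identifiers (RFC 4203) */` would record why. The rest of this case lies outside the hunk.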
@@ -335,14 +348,26 @@ ospf_print_te_lsa(netdissect_options *ndo,
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_LOCAL_IP:
                 case LS_OPAQUE_TE_LINK_SUBTLV_REMOTE_IP:
+                   if (subtlv_length != 4) {
+                       ND_PRINT((ndo, " != 4"));
+                       goto invalid;
+                   }
                     ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr)));
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_MAX_BW:
                 case LS_OPAQUE_TE_LINK_SUBTLV_MAX_RES_BW:
+                   if (subtlv_length != 4) {
+                       ND_PRINT((ndo, " != 4"));
+                       goto invalid;
+                   }
                     bw.i = EXTRACT_32BITS(tptr);
                     ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000));
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_UNRES_BW:
+                   if (subtlv_length != 32) {
+                       ND_PRINT((ndo, " != 32"));
+                       goto invalid;
+                   }
                     for (te_class = 0; te_class < 8; te_class++) {
                         bw.i = EXTRACT_32BITS(tptr+te_class*4);
                         ND_PRINT((ndo, "\n\t\tTE-Class %u: %.3f Mbps",
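Review bot: The block `if (subtlv_length != 4) { ND_PRINT((ndo, " != 4")); goto invalid; }` appears twice in this hunk and again under ADMIN_GROUP, TE_METRIC and LINK_PROTECTION_TYPE in the neighbouring hunks. A small local helper macro taking the expected length would keep the test and its message from drifting apart. The `!= 32` bound for `LS_OPAQUE_TE_LINK_SUBTLV_UNRES_BW` is tied to the loop limit of 8 below it, and a comment such as `/* 8 TE classes x 4 octets */` would make that link explicit.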
@@ -351,9 +376,22 @@ ospf_print_te_lsa(netdissect_options *ndo,
                     }
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_BW_CONSTRAINTS:
+                   if (subtlv_length < 4) {
+                       ND_PRINT((ndo, " < 4"));
+                       goto invalid;
+                   }
+                   /* BC Model Id (1 octet) + Reserved (3 octets) */
                     ND_PRINT((ndo, "\n\t\tBandwidth Constraints Model ID: %s (%u)",
                            tok2str(diffserv_te_bc_values, "unknown", *tptr),
                            *tptr));
+                   if (subtlv_length % 4 != 0) {
+                       ND_PRINT((ndo, "\n\t\tlength %u != N x 4", subtlv_length));
+                       goto invalid;
+                   }
+                   if (subtlv_length > 36) {
+                       ND_PRINT((ndo, "\n\t\tlength %u > 36", subtlv_length));
+                       goto invalid;
+                   }
                     /* decode BCs until the subTLV ends */
                     for (te_class = 0; te_class < (subtlv_length-4)/4; te_class++) {
                         bw.i = EXTRACT_32BITS(tptr+4+te_class*4);
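Review bot: The upper bound in `if (subtlv_length > 36)` is unexplained. Going by the loop below it, 36 is the 4-octet Model Id/Reserved word plus at most eight 4-octet constraints, and a comment such as `/* 4 octets header + at most 8 BCs x 4 octets */` would record that. The `% 4` and `> 36` checks also come after the Model ID has been printed, so a malformed subTLV produces partial output before the invalid marker; moving both checks up next to the `< 4` check would avoid that. The loop body continues outside the hunk.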
@@ -363,14 +401,27 @@ ospf_print_te_lsa(netdissect_options *ndo,
                     }
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_TE_METRIC:
+                   if (subtlv_length != 4) {
+                       ND_PRINT((ndo, " != 4"));
+                       goto invalid;
+                   }
                     ND_PRINT((ndo, ", Metric %u", EXTRACT_32BITS(tptr)));
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_LINK_PROTECTION_TYPE:
-                    ND_PRINT((ndo, ", %s, Priority %u",
-                           bittok2str(gmpls_link_prot_values, "none", *tptr),
-                           *(tptr + 1)));
+                   /* Protection Cap (1 octet) + Reserved ((3 octets) */
+                   if (subtlv_length != 4) {
+                       ND_PRINT((ndo, " != 4"));
+                       goto invalid;
+                   }
+                    ND_PRINT((ndo, ", %s",
+                             bittok2str(gmpls_link_prot_values, "none", *tptr)));
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_INTF_SW_CAP_DESCR:
+                   if (subtlv_length < 36) {
+                       ND_PRINT((ndo, " < 36"));
+                       goto invalid;
+                   }
+                   /* Switching Cap (1 octet) + Encoding (1) +  Reserved (2) */
                     ND_PRINT((ndo, "\n\t\tInterface Switching Capability: %s",
                            tok2str(gmpls_switch_cap_values, "Unknown", *(tptr))));
                     ND_PRINT((ndo, "\n\t\tLSP Encoding: %s\n\t\tMax LSP Bandwidth:",
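Review bot: The new comment `/* Protection Cap (1 octet) + Reserved ((3 octets) */` has a doubled opening parenthesis and should read `/* Protection Cap (1 octet) + Reserved (3 octets) */`. The added lines of that case are also indented differently from each other (the `if` block versus the `ND_PRINT` call), which is worth normalising to the file's style. The `< 36` minimum for `LS_OPAQUE_TE_LINK_SUBTLV_INTF_SW_CAP_DESCR` is not explained by the comment, which accounts for only 4 octets. Judging by the "Max LSP Bandwidth" text, the remainder is presumably eight 4-octet bandwidth values, and the comment should say so. That case continues outside the hunk.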
@@ -383,12 +434,20 @@ ospf_print_te_lsa(netdissect_options *ndo,
                     }
                     break;
                 case LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE:
+                   if (subtlv_length != 1) {
+                       ND_PRINT((ndo, " != 1"));
+                       goto invalid;
+                   }
                     ND_PRINT((ndo, ", %s (%u)",
                            tok2str(lsa_opaque_te_tlv_link_type_sub_tlv_values,"unknown",*tptr),
                            *tptr));
                     break;
 
                 case LS_OPAQUE_TE_LINK_SUBTLV_SHARED_RISK_GROUP:
+                   if (subtlv_length % 4 != 0) {
+                       ND_PRINT((ndo, " != N x 4"));
+                       goto invalid;
+                   }
                     count_srlg = subtlv_length / 4;
                     if (count_srlg != 0)
                         ND_PRINT((ndo, "\n\t\t  Shared risk group: "));
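Review bot: With the added `% 4` check and the zero-length rejection at the top of the loop, `count_srlg` can no longer be 0 at this point. The test `if (count_srlg != 0)` on the following line is therefore always true and could be dropped, or kept with a comment such as `/* cannot be 0: zero-length subTLVs are rejected above */`. The SRLG case continues outside the hunk.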
@@ -444,6 +503,9 @@ ospf_print_te_lsa(netdissect_options *ndo,
     return 0;
 trunc:
     return -1;
+invalid:
+    ND_PRINT((ndo, "%s", istr));
+    return -1;
 }
 
 static int
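Review bot: `invalid:` returns the same -1 as `trunc:`, so a caller cannot tell a malformed subTLV from a short capture. Depending on what the caller does with -1 (not visible here), the output may carry both the invalid marker and a truncation marker, or the rest of the LSA may be skipped without further explanation. If the distinction matters, a separate return value would help. Otherwise a comment above the labels such as `/* -1: truncated or invalid; the invalid path has already printed istr */` would make the contract explicit.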
@@ -505,16 +567,16 @@ trunc:
 
 /* draft-ietf-ospf-mt-09 */
 static const struct tok ospf_topology_values[] = {
-    { 0, "default " },
-    { 1, "multicast " },
-    { 2, "management " },
+    { 0, "default" },
+    { 1, "multicast" },
+    { 2, "management" },
     { 0, NULL }
 };
 
 /*
  * Print all the per-topology metrics.
  */
-static void
+static int
 ospf_print_tos_metrics(netdissect_options *ndo,
                        const union un_tos *tos)
 {
@@ -527,9 +589,10 @@ ospf_print_tos_metrics(netdissect_options *ndo,
     /*
      * All but the first metric contain a valid topology id.
      */
-    while (toscount) {
-        ND_PRINT((ndo, "\n\t\ttopology %s(%u), metric %u",
-               tok2str(ospf_topology_values, "",
+    while (toscount > 0) {
+        ND_TCHECK(*tos);
+        ND_PRINT((ndo, "\n\t\ttopology %s (%u), metric %u",
+               tok2str(ospf_topology_values, "Unknown",
                        metric_count ? tos->metrics.tos_type : 0),
                metric_count ? tos->metrics.tos_type : 0,
                EXTRACT_16BITS(&tos->metrics.tos_metric)));
@@ -537,6 +600,9 @@ ospf_print_tos_metrics(netdissect_options *ndo,
         tos++;
         toscount--;
     }
+    return 0;
+trunc:
+    return 1;
 }
 
 /*
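Review bot: `ospf_print_tos_metrics` now signals truncation with `return 1`, while `ospf_print_te_lsa` in the same file uses `return -1` for the same condition. The call site tests only for non-zero, so this works, but the two conventions invite a wrong `== -1` test later; using -1 here as well would keep the file consistent. The header comment `Print all the per-topology metrics.` in the earlier hunk was not updated for the new return type. Adding `Returns 0 on success, non-zero if the packet is truncated.` would document it.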
@@ -610,7 +676,8 @@ ospf_print_lsa(netdissect_options *ndo,
                                return (ls_end);
                        }
 
-                       ospf_print_tos_metrics(ndo, &rlp->un_tos);
+                       if (ospf_print_tos_metrics(ndo, &rlp->un_tos))
+                               goto trunc;
 
                        rlp = (const struct rlalink *)((const u_char *)(rlp + 1) +
                            ((rlp->un_tos.link.link_tos_count) * sizeof(union un_tos)));
@@ -641,8 +708,8 @@ ospf_print_lsa(netdissect_options *ndo,
                        ND_TCHECK(*lp);
                        ul = EXTRACT_32BITS(lp);
                         topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS;
-                       ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d",
-                               tok2str(ospf_topology_values, "", topology),
+                       ND_PRINT((ndo, "\n\t\ttopology %s (%u) metric %d",
+                               tok2str(ospf_topology_values, "Unknown", topology),
                                topology,
                                ul & SLA_MASK_METRIC));
                        ++lp;
@@ -658,8 +725,8 @@ ospf_print_lsa(netdissect_options *ndo,
                        ND_TCHECK(*lp);
                        ul = EXTRACT_32BITS(lp);
                         topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS;
-                       ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d",
-                               tok2str(ospf_topology_values, "", topology),
+                       ND_PRINT((ndo, "\n\t\ttopology %s (%u) metric %d",
+                               tok2str(ospf_topology_values, "Unknown", topology),
                                topology,
                                ul & SLA_MASK_METRIC));
                        ++lp;
@@ -680,8 +747,8 @@ ospf_print_lsa(netdissect_options *ndo,
                        ND_TCHECK(almp->asla_tosmetric);
                        ul = EXTRACT_32BITS(&almp->asla_tosmetric);
                         topology = ((ul & ASLA_MASK_TOS) >> ASLA_SHIFT_TOS);
-                       ND_PRINT((ndo, "\n\t\ttopology %s(%u), type %d, metric",
-                               tok2str(ospf_topology_values, "", topology),
+                       ND_PRINT((ndo, "\n\t\ttopology %s (%u), type %d, metric",
+                               tok2str(ospf_topology_values, "Unknown", topology),
                                topology,
                                (ul & ASLA_FLAG_EXTERNAL) ? 2 : 1));
                        if ((ul & ASLA_MASK_METRIC) == 0xffffff)
@@ -920,14 +987,8 @@ ospf_decode_v2(netdissect_options *ndo,
 
        switch (op->ospf_type) {
 
-       case OSPF_TYPE_UMD:
-               /*
-                * Rob Coltun's special monitoring packets;
-                * do nothing
-                */
-               break;
-
        case OSPF_TYPE_HELLO:
+               ND_TCHECK(op->ospf_hello.hello_options);
                ND_PRINT((ndo, "\n\tOptions [%s]",
                          bittok2str(ospf_option_values,"none",op->ospf_hello.hello_options)));
 
@@ -1058,7 +1119,7 @@ ospf_print(netdissect_options *ndo,
        /* If the type is valid translate it, or just print the type */
        /* value.  If it's not valid, say so and return */
        ND_TCHECK(op->ospf_type);
-       cp = tok2str(type2str, "unknown LS-type", op->ospf_type);
+       cp = tok2str(type2str, "unknown LS-type %u", op->ospf_type);
        ND_PRINT((ndo, "OSPFv%u, %s, length %u", op->ospf_version, cp, length));
        if (*cp == 'u')
                return;
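Review bot: The default string passed to `tok2str` now includes the numeric type, but the following `if (*cp == 'u')` still detects an unknown type by the first character of the returned text. That couples control flow to the wording of `type2str` and of this default: a future table entry starting with a lowercase `u`, or a reworded default, would change behaviour without any warning. At minimum add a comment such as `/* relies on every type2str name not starting with 'u' */`; a lookup that returns NULL for unknown values would be more robust, if the tok2str family offers one. The text "LS-type" is also misleading, since `op->ospf_type` is matched against packet types (Hello, Database Description, LS-Request).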