static const u_char *
ikev1_attrmap_print(netdissect_options *ndo,
- const u_char *p, const u_char *ep,
+ const u_char *p, const u_char *ep2,
const struct attrmap *map, size_t nmap)
{
int totlen;
uint32_t t, v;
+ ND_TCHECK(p[0]);
if (p[0] & 0x80)
totlen = 4;
- else
- totlen = 4 + EXTRACT_16BITS(&p[2]);
- if (ep < p + totlen) {
+ else {
+ ND_TCHECK_2(p + 2);
+ totlen = 4 + EXTRACT_BE_U_2(p + 2);
+ }
+ if (ep2 < p + totlen) {
ND_PRINT((ndo,"[|attr]"));
- return ep + 1;
+ return ep2 + 1;
}
+ ND_TCHECK_2(p);
ND_PRINT((ndo,"("));
- t = EXTRACT_16BITS(&p[0]) & 0x7fff;
+ t = EXTRACT_BE_U_2(p) & 0x7fff;
if (map && t < nmap && map[t].type)
ND_PRINT((ndo,"type=%s ", map[t].type));
else
ND_PRINT((ndo,"type=#%d ", t));
if (p[0] & 0x80) {
ND_PRINT((ndo,"value="));
- v = EXTRACT_16BITS(&p[2]);
+ ND_TCHECK_2(p + 2);
+ v = EXTRACT_BE_U_2(p + 2);
if (map && t < nmap && v < map[t].nvalue && map[t].value[v])
ND_PRINT((ndo,"%s", map[t].value[v]));
- else
- rawprint(ndo, (const uint8_t *)&p[2], 2);
+ else {
+ if (!rawprint(ndo, (const uint8_t *)&p[2], 2)) {
+ ND_PRINT((ndo,")"));
+ goto trunc;
+ }
+ }
} else {
- ND_PRINT((ndo,"len=%d value=", EXTRACT_16BITS(&p[2])));
- rawprint(ndo, (const uint8_t *)&p[4], EXTRACT_16BITS(&p[2]));
+ ND_PRINT((ndo,"len=%d value=", totlen - 4));
+ if (!rawprint(ndo, (const uint8_t *)&p[4], totlen - 4)) {
+ ND_PRINT((ndo,")"));
+ goto trunc;
+ }
}
ND_PRINT((ndo,")"));
return p + totlen;
+
+trunc:
+ return NULL;
}
static const u_char *
-ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep)
+ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep2)
{
int totlen;
uint32_t t;
+ ND_TCHECK(p[0]);
if (p[0] & 0x80)
totlen = 4;
- else
- totlen = 4 + EXTRACT_16BITS(&p[2]);
- if (ep < p + totlen) {
+ else {
+ ND_TCHECK_2(p + 2);
+ totlen = 4 + EXTRACT_BE_U_2(p + 2);
+ }
+ if (ep2 < p + totlen) {
ND_PRINT((ndo,"[|attr]"));
- return ep + 1;
+ return ep2 + 1;
}
+ ND_TCHECK_2(p);
ND_PRINT((ndo,"("));
- t = EXTRACT_16BITS(&p[0]) & 0x7fff;
+ t = EXTRACT_BE_U_2(p) & 0x7fff;
ND_PRINT((ndo,"type=#%d ", t));
if (p[0] & 0x80) {
ND_PRINT((ndo,"value="));
t = p[2];
- rawprint(ndo, (const uint8_t *)&p[2], 2);
+ if (!rawprint(ndo, (const uint8_t *)&p[2], 2)) {
+ ND_PRINT((ndo,")"));
+ goto trunc;
+ }
} else {
- ND_PRINT((ndo,"len=%d value=", EXTRACT_16BITS(&p[2])));
- rawprint(ndo, (const uint8_t *)&p[4], EXTRACT_16BITS(&p[2]));
+ ND_PRINT((ndo,"len=%d value=", totlen - 4));
+ if (!rawprint(ndo, (const uint8_t *)&p[4], totlen - 4)) {
+ ND_PRINT((ndo,")"));
+ goto trunc;
+ }
}
ND_PRINT((ndo,")"));
return p + totlen;
+
+trunc:
+ return NULL;
}
static const u_char *
cp = (const u_char *)(p + 1);
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
- if (map && nmap) {
- cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2,
- map, nmap);
- } else
- cp = ikev1_attr_print(ndo, cp, (ep < ep2) ? ep : ep2);
+ if (map && nmap)
+ cp = ikev1_attrmap_print(ndo, cp, ep2, map, nmap);
+ else
+ cp = ikev1_attr_print(ndo, cp, ep2);
+ if (cp == NULL)
+ goto trunc;
}
if (ep < ep2)
ND_PRINT((ndo,"..."));
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_PRINT((ndo," key len=%d", ntohs(e.len) - 4));
if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
int i;
ND_PRINT((ndo," len=%d ", len));
for (i = 0; i < len; i++)
- safeputchar(ndo, data[i]);
+ safeputchar(ndo, EXTRACT_U_1(data + i));
len = 0;
break;
}
mask = data + sizeof(struct in_addr);
ND_PRINT((ndo," len=%d %s/%u.%u.%u.%u", len,
ipaddr_string(ndo, data),
- mask[0], mask[1], mask[2], mask[3]));
+ EXTRACT_U_1(mask), EXTRACT_U_1(mask + 1),
+ EXTRACT_U_1(mask + 2), EXTRACT_U_1(mask + 3)));
}
len = 0;
break;
case IPSECDOI_ID_IPV6_ADDR_SUBNET:
{
const u_char *mask;
- if (len < 20)
- ND_PRINT((ndo," len=%d [bad: < 20]", len));
+ if (len < 32)
+ ND_PRINT((ndo," len=%d [bad: < 32]", len));
else {
mask = (const u_char *)(data + sizeof(struct in6_addr));
/*XXX*/
ND_PRINT((ndo," len=%d %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", len,
ip6addr_string(ndo, data),
- mask[0], mask[1], mask[2], mask[3],
- mask[4], mask[5], mask[6], mask[7],
- mask[8], mask[9], mask[10], mask[11],
- mask[12], mask[13], mask[14], mask[15]));
+ EXTRACT_U_1(mask), EXTRACT_U_1(mask + 1), EXTRACT_U_1(mask + 2), EXTRACT_U_1(mask + 3),
+ EXTRACT_U_1(mask + 4), EXTRACT_U_1(mask + 5), EXTRACT_U_1(mask + 6), EXTRACT_U_1(mask + 7),
+ EXTRACT_U_1(mask + 8), EXTRACT_U_1(mask + 9), EXTRACT_U_1(mask + 10), EXTRACT_U_1(mask + 11),
+ EXTRACT_U_1(mask + 12), EXTRACT_U_1(mask + 13), EXTRACT_U_1(mask + 14), EXTRACT_U_1(mask + 15)));
}
len = 0;
break;
ND_PRINT((ndo," len=%d", item_len - 4));
ND_PRINT((ndo," type=%s", STR_OR_ID((cert.encode), certstr)));
if (2 < ndo->ndo_vflag && 4 < item_len) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
ND_PRINT((ndo," len=%d", item_len - 4));
ND_PRINT((ndo," type=%s", STR_OR_ID((cert.encode), certstr)));
if (2 < ndo->ndo_vflag && 4 < item_len) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), item_len - 4))
goto trunc;
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]);
ND_PRINT((ndo," attrs=("));
while (cp < ep && cp < ep2) {
- cp = ikev1_attrmap_print(ndo, cp,
- (ep < ep2) ? ep : ep2, map, nmap);
+ cp = ikev1_attrmap_print(ndo, cp, ep2, map, nmap);
+ if (cp == NULL) {
+ ND_PRINT((ndo,")"));
+ goto trunc;
+ }
}
ND_PRINT((ndo,")"));
break;
case IPSECDOI_NTYPE_REPLAY_STATUS:
ND_PRINT((ndo," status=("));
ND_PRINT((ndo,"replay detection %sabled",
- EXTRACT_32BITS(cp) ? "en" : "dis"));
+ EXTRACT_BE_U_4(cp) ? "en" : "dis"));
ND_PRINT((ndo,")"));
break;
default:
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
ND_PRINT((ndo," len=%d", ntohs(e.len) - 4));
if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
ep2 = (const u_char *)p + item_len;
while (cp < ep && cp < ep2) {
if (map && nmap) {
- cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2,
- map, nmap);
+ cp = ikev1_attrmap_print(ndo, cp, ep2, map, nmap);
} else
- cp = ikev1_attr_print(ndo, cp, (ep < ep2) ? ep : ep2);
+ cp = ikev1_attr_print(ndo, cp, ep2);
+ if (cp == NULL)
+ goto trunc;
}
if (ep < ep2)
ND_PRINT((ndo,"..."));
if (prop_length < sizeof(*ext))
goto toolong;
ND_TCHECK(*ext);
-
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
/*
if (sa_length < sizeof(*ext))
goto toolong;
ND_TCHECK(*ext);
-
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
/*
const struct ikev2_ke *k;
k = (const struct ikev2_ke *)ext;
- ND_TCHECK(*ext);
+ ND_TCHECK(*k);
UNALIGNED_MEMCPY(&ke, ext, sizeof(ke));
ikev2_pay_print(ndo, NPSTR(tpay), ke.h.critical);
uint32_t phase _U_, uint32_t doi _U_,
uint32_t proto _U_, int depth _U_)
{
+ const struct ikev2_id *idp;
struct ikev2_id id;
int id_len, idtype_len, i;
unsigned int dumpascii, dumphex;
const unsigned char *typedata;
- ND_TCHECK(*ext);
+ idp = (const struct ikev2_id *)ext;
+ ND_TCHECK(*idp);
UNALIGNED_MEMCPY(&id, ext, sizeof(id));
ikev2_pay_print(ndo, NPSTR(tpay), id.h.critical);
ND_PRINT((ndo," len=%d", id_len - 4));
if (2 < ndo->ndo_vflag && 4 < id_len) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), id_len - 4))
goto trunc;
if(dumpascii) {
ND_TCHECK2(*typedata, idtype_len);
for(i=0; i<idtype_len; i++) {
- if(ND_ISPRINT(typedata[i])) {
- ND_PRINT((ndo, "%c", typedata[i]));
+ if(ND_ISPRINT(EXTRACT_U_1(typedata + i))) {
+ ND_PRINT((ndo, "%c", EXTRACT_U_1(typedata + i)));
} else {
ND_PRINT((ndo, "."));
}
const u_char *authdata = (const u_char*)ext + sizeof(a);
unsigned int len;
- ND_TCHECK(*ext);
+ ND_TCHECK2(*ext, sizeof(a));
UNALIGNED_MEMCPY(&a, ext, sizeof(a));
ikev2_pay_print(ndo, NPSTR(tpay), a.h.critical);
len = ntohs(a.h.len);
len = ntohs(e.len) - 4;
ND_TCHECK2(*vid, len);
for(i=0; i<len; i++) {
- if(ND_ISPRINT(vid[i])) ND_PRINT((ndo, "%c", vid[i]));
+ if(ND_ISPRINT(EXTRACT_U_1(vid + i)))
+ ND_PRINT((ndo, "%c", EXTRACT_U_1(vid + i)));
else ND_PRINT((ndo, "."));
}
if (2 < ndo->ndo_vflag && 4 < len) {
+ /* Print the entire payload in hex */
ND_PRINT((ndo," "));
if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4))
goto trunc;
while (np) {
ND_TCHECK(*ext);
-
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_TCHECK2(*ext, ntohs(e.len));
p = (const struct isakmp *)bp;
ep = ndo->ndo_snapend;
- phase = (EXTRACT_32BITS(base->msgid) == 0) ? 1 : 2;
+ phase = (EXTRACT_BE_U_4(base->msgid) == 0) ? 1 : 2;
if (phase == 1)
ND_PRINT((ndo," phase %d", phase));
else
cp = (const u_char *)ext;
while (np) {
ND_TCHECK(*ext);
-
UNALIGNED_MEMCPY(&e, ext, sizeof(e));
ND_TCHECK2(*ext, ntohs(e.len));
p = (const struct isakmp *)bp;
ep = ndo->ndo_snapend;
- phase = (EXTRACT_32BITS(base->msgid) == 0) ? 1 : 2;
+ phase = (EXTRACT_BE_U_4(base->msgid) == 0) ? 1 : 2;
if (phase == 1)
ND_PRINT((ndo, " parent_sa"));
else
/* must be an ESP packet */
{
- int nh, enh, padlen;
+ u_int nh, enh, padlen;
int advance;
ND_PRINT((ndo, "UDP-encap: "));
projects / tcpdump / blobdiff