#include "netdissect-stdinc.h"
+#define ND_LONGJMP_FROM_TCHECK
#include "netdissect.h"
#include "addrtoname.h"
"CTM IE", /* 0x32 */
"Timestamp IE", /* 0x33 */
"Timestamp Difference IE", /* 0x34 */
- "TMCTP Sepcification IE", /* 0x35 */
+ "TMCTP Specification IE", /* 0x35 */
"RCC PHY Operating Mode IE", /* 0x36 */
"Reserved 0x37", /* 0x37 */
"Reserved 0x38", /* 0x38 */
/*
* IEEE 802.15.4 CRC 16 function. This is using CCITT polynomical of 0x1021,
* but the initial value is 0, and the bits are reversed for both in and out.
- * See secton 7.2.10 of 802.15.4-2015 for more information.
+ * See section 7.2.10 of 802.15.4-2015 for more information.
*/
static uint16_t
ieee802_15_4_crc16(netdissect_options *ndo, const u_char *p,
/*
* IEEE 802.15.4 CRC 32 function. This is using ANSI X3.66-1979 polynomical of
* 0x04C11DB7, but the initial value is 0, and the bits are reversed for both
- * in and out. See secton 7.2.10 of 802.15.4-2015 for more information.
+ * in and out. See section 7.2.10 of 802.15.4-2015 for more information.
*/
static uint32_t
ieee802_15_4_crc32(netdissect_options *ndo, const u_char *p,
break;
case 0x1c: /* DSME PAN Descriptor IE */
/*FALLTHROUGH*/
- case 0x21: /* Extended DSME PAN descriptior IE */
+ case 0x21: /* Extended DSME PAN descriptor IE */
if (ie_len < 2) {
ND_PRINT("[ERROR: Truncated DSME PAN IE]");
} else {
ND_PRINT("Ack time correction = %d, ", timecorr);
}
break;
- case 0x22: /* Frament Sequence Content Description IE */
+ case 0x22: /* Fragment Sequence Content Description IE */
/* XXX Not implemented */
case 0x23: /* Simplified Superframe Specification IE */
/* XXX Not implemented */
h_ie_names[element_id], ie_len);
}
}
- if (caplen < ie_len) {
+ if (caplen < 2U + ie_len) {
ND_PRINT("[ERROR: Truncated IE data]");
return -1;
}
if (element_id == 0x7f) {
break;
}
- } while (caplen > 0);
+ } while (caplen != 0);
return len;
}
p_mlme_long_names[sub_id], sub_ie_len);
}
- if (ie_len < sub_ie_len) {
+ if (ie_len < 2 + sub_ie_len) {
ND_PRINT("[ERROR: Truncated IE data]");
return;
}
ND_PRINT("\n\t%s [ length = %d, ",
p_ie_names[group_id], ie_len);
}
- if (caplen < ie_len) {
+ if (caplen < 2U + ie_len) {
ND_PRINT("[ERROR: Truncated IE data]");
return -1;
}
}
/*
- * Parse and print frames folloing standard format.
+ * Parse and print frames following standard format.
*
* Returns FALSE in case of error.
*/
int len, frame_version, pan_id_comp;
int frame_type;
int src_pan, dst_pan, src_addr_len, dst_addr_len;
- int security_level, miclen = 0;
+ int security_level;
+ u_int miclen = 0;
int payload_ie_present;
uint8_t seq;
uint32_t fcs, crc_check;
if (CHECK_BIT(fc, 9)) { ND_PRINT("IE present, "); }
}
- /* Check for the sequence number supression. */
+ /* Check for the sequence number suppression. */
if (CHECK_BIT(fc, 8)) {
/* Sequence number is suppressed. */
if (frame_version < 2) {
}
if (ndo->ndo_vflag)
ND_PRINT("seq suppressed ");
+ if (caplen < 2) {
+ nd_print_trunc(ndo);
+ return 0;
+ }
p += 2;
caplen -= 2;
} else {
seq = GET_U_1(p + 2);
- p += 3;
- caplen -= 3;
if (ndo->ndo_vflag)
ND_PRINT("seq %02x ", seq);
+ if (caplen < 3) {
+ nd_print_trunc(ndo);
+ return 0;
+ }
+ p += 3;
+ caplen -= 3;
}
/* See which parts of addresses we have. */
if (len < 0) {
return 0;
}
+ ND_TCHECK_LEN(p, len);
p += len;
caplen -= len;
} else {
}
/* Remove MIC */
- if (miclen > 0) {
- if (caplen < (u_int) miclen) {
+ if (miclen != 0) {
+ if (caplen < miclen) {
ND_PRINT("[ERROR: Truncated before MIC]");
return 0;
}
if (ndo->ndo_vflag > 2 && miclen != 0) {
ND_PRINT("\n\tMIC ");
- for(len = 0; len < miclen; len++) {
- ND_PRINT("%02x", GET_U_1(mic_start + len));
+ for (u_int micoffset = 0; micoffset < miclen; micoffset++) {
+ ND_PRINT("%02x", GET_U_1(mic_start + micoffset));
}
ND_PRINT(" ");
}
if (len < 0) {
break;
}
+ ND_TCHECK_LEN(p, len);
p += len;
caplen -= len;
}
{
int len, frame_version, pan_id_present;
int src_addr_len, dst_addr_len;
- int security_level, miclen = 0;
+ int security_level;
+ u_int miclen = 0;
int ie_present, payload_ie_present, security_enabled;
uint8_t seq;
uint32_t fcs, crc_check;
if (ie_present) { ND_PRINT("IE present, "); }
}
- /* Check for the sequence number supression. */
+ /* Check for the sequence number suppression. */
if (CHECK_BIT(fc, 10)) {
/* Sequence number is suppressed, but long version. */
+ if (caplen < 2) {
+ nd_print_trunc(ndo);
+ return 0;
+ }
p += 2;
caplen -= 2;
} else {
seq = GET_U_1(p + 2);
- p += 3;
- caplen -= 3;
if (ndo->ndo_vflag)
ND_PRINT("seq %02x ", seq);
+ if (caplen < 3) {
+ nd_print_trunc(ndo);
+ return 0;
+ }
+ p += 3;
+ caplen -= 3;
}
} else {
/* Short format of header, but with seq no */
if (len < 0) {
return 0;
}
+ ND_TCHECK_LEN(p, len);
p += len;
caplen -= len;
} else {
}
/* Remove MIC */
- if (miclen > 0) {
- if (caplen < (u_int) miclen) {
+ if (miclen != 0) {
+ if (caplen < miclen) {
ND_PRINT("[ERROR: Truncated before MIC]");
return 0;
}
if (ndo->ndo_vflag > 2 && miclen != 0) {
ND_PRINT("\n\tMIC ");
- for(len = 0; len < miclen; len++) {
- ND_PRINT("%02x", GET_U_1(mic_start + len));
+ for (u_int micoffset = 0; micoffset < miclen; micoffset++) {
+ ND_PRINT("%02x", GET_U_1(mic_start + micoffset));
}
ND_PRINT(" ");
}
}
/*
- * Interal call to dissector taking packet + len instead of pcap_pkthdr.
+ * Internal call to dissector taking packet + len instead of pcap_pkthdr.
*
* Returns FALSE in case of error.
*/
projects / tcpdump / blobdiff