ZEP: Add a bounds check

[tcpdump] / print-juniper.c

diff --git a/print-juniper.c b/print-juniper.c
index 0061b2ba113319bb2c5020e119f8bb40578fc9fa..7c3df49ff2b145ec638c74245ed42c675042edb5 100644 (file)
--- a/print-juniper.c
+++ b/print-juniper.c
@@ -484,6 +484,7 @@ juniper_ggsn_if_print(netdissect_options *ndo,
         uint8_t proto;
 
         ndo->ndo_protocol = "juniper_ggsn";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_GGSN;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -541,6 +542,7 @@ juniper_es_if_print(netdissect_options *ndo,
         const struct juniper_ipsec_header *ih;
 
         ndo->ndo_protocol = "juniper_es";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_ES;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -620,6 +622,7 @@ juniper_monitor_if_print(netdissect_options *ndo,
         const struct juniper_monitor_header *mh;
 
         ndo->ndo_protocol = "juniper_monitor";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_MONITOR;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -664,6 +667,7 @@ juniper_services_if_print(netdissect_options *ndo,
         const struct juniper_services_header *sh;
 
         ndo->ndo_protocol = "juniper_services";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_SERVICES;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -701,6 +705,7 @@ juniper_pppoe_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_pppoe";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_PPPOE;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -709,7 +714,7 @@ juniper_pppoe_if_print(netdissect_options *ndo,
 
         p+=l2info.header_len;
         /* this DLT contains nothing but raw ethernet frames */
-        ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL, FALSE);
+        ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
         ndo->ndo_ll_hdr_len += l2info.header_len;
 }
 #endif
@@ -722,6 +727,7 @@ juniper_ether_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_ether";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_ETHER;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -730,8 +736,9 @@ juniper_ether_if_print(netdissect_options *ndo,
 
         p+=l2info.header_len;
         /* this DLT contains nothing but raw Ethernet frames */
-        ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL, TRUE);
-        ndo->ndo_ll_hdr_len += l2info.header_len;
+        ndo->ndo_ll_hdr_len +=
+               l2info.header_len +
+               ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
 }
 #endif
 
@@ -743,6 +750,7 @@ juniper_ppp_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_ppp";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_PPP;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -764,6 +772,7 @@ juniper_frelay_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_frelay";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_FRELAY;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -785,6 +794,7 @@ juniper_chdlc_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_chdlc";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_CHDLC;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -807,6 +817,7 @@ juniper_pppoe_atm_if_print(netdissect_options *ndo,
         uint16_t extracted_ethertype;
 
         ndo->ndo_protocol = "juniper_pppoe_atm";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_PPPOE_ATM;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -815,7 +826,6 @@ juniper_pppoe_atm_if_print(netdissect_options *ndo,
 
         p+=l2info.header_len;
 
-        ND_TCHECK_2(p);
         extracted_ethertype = GET_BE_U_2(p);
         /* this DLT contains nothing but raw PPPoE frames,
          * prepended with a type field*/
@@ -828,11 +838,6 @@ juniper_pppoe_atm_if_print(netdissect_options *ndo,
             ND_PRINT("unknown ethertype 0x%04x", extracted_ethertype);
 
         ndo->ndo_ll_hdr_len += l2info.header_len;
-        return;
-
-trunc:
-        nd_print_trunc(ndo);
-        ndo->ndo_ll_hdr_len += l2info.header_len;
 }
 #endif
 
@@ -844,6 +849,7 @@ juniper_mlppp_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_mlppp";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_MLPPP;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -986,6 +992,7 @@ juniper_mlfr_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_mlfr";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_MLFR;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1035,6 +1042,7 @@ juniper_atm1_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_atm1";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_ATM1;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1049,7 +1057,6 @@ juniper_atm1_if_print(netdissect_options *ndo,
             return;
         }
 
-        ND_TCHECK_3(p);
         if (GET_BE_U_3(p) == 0xfefe03 || /* NLPID encaps ? */
             GET_BE_U_3(p) == 0xaaaa03) { /* SNAP encaps ? */
 
@@ -1073,11 +1080,6 @@ juniper_atm1_if_print(netdissect_options *ndo,
         }
 
         ndo->ndo_ll_hdr_len += l2info.header_len;
-        return;
-
-trunc:
-        nd_print_trunc(ndo);
-        ndo->ndo_ll_hdr_len += l2info.header_len;
 }
 #endif
 
@@ -1099,6 +1101,7 @@ juniper_atm2_if_print(netdissect_options *ndo,
         struct juniper_l2info_t l2info;
 
         ndo->ndo_protocol = "juniper_atm2";
+        memset(&l2info, 0, sizeof(l2info));
         l2info.pictype = DLT_JUNIPER_ATM2;
         if (juniper_parse_header(ndo, p, h, &l2info) == 0) {
             ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1113,7 +1116,6 @@ juniper_atm2_if_print(netdissect_options *ndo,
             return;
         }
 
-        ND_TCHECK_3(p);
         if (GET_BE_U_3(p) == 0xfefe03 || /* NLPID encaps ? */
             GET_BE_U_3(p) == 0xaaaa03) { /* SNAP encaps ? */
 
@@ -1127,7 +1129,7 @@ juniper_atm2_if_print(netdissect_options *ndo,
         if (l2info.direction != JUNIPER_BPF_PKT_IN && /* ether-over-1483 encaps ? */
             /* use EXTRACT_, not GET_ (not packet buffer pointer) */
             (EXTRACT_BE_U_4(l2info.cookie) & ATM2_GAP_COUNT_MASK)) {
-            ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL, FALSE);
+            ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL);
             ndo->ndo_ll_hdr_len += l2info.header_len;
             return;
         }
@@ -1150,11 +1152,6 @@ juniper_atm2_if_print(netdissect_options *ndo,
         }
 
         ndo->ndo_ll_hdr_len += l2info.header_len;
-        return;
-
-trunc:
-        nd_print_trunc(ndo);
-        ndo->ndo_ll_hdr_len += l2info.header_len;
 }
 
 /* try to guess, based on all PPP protos that are supported in
@@ -1300,7 +1297,6 @@ juniper_parse_header(netdissect_options *ndo,
 
     l2info->length = h->len;
     l2info->caplen = h->caplen;
-    ND_TCHECK_4(p);
     l2info->flags = GET_U_1(p + 3);
     l2info->direction = GET_U_1(p + 3) & JUNIPER_BPF_PKT_IN;
 
@@ -1325,7 +1321,6 @@ juniper_parse_header(netdissect_options *ndo,
         tptr = p+jnx_header_len;
 
         /* ok to read extension length ? */
-        ND_TCHECK_2(tptr);
         jnx_ext_len = GET_BE_U_2(tptr);
         jnx_header_len += 2;
         tptr +=2;
@@ -1480,7 +1475,6 @@ juniper_parse_header(netdissect_options *ndo,
             if (ndo->ndo_eflag) ND_PRINT(": "); /* print demarc b/w L2/L3*/
 
 
-            ND_TCHECK_2(p + l2info->cookie_len);
             l2info->proto = GET_BE_U_2(p + l2info->cookie_len);
             break;
         }
@@ -1511,7 +1505,6 @@ juniper_parse_header(netdissect_options *ndo,
     case DLT_JUNIPER_MLFR:
         switch (l2info->cookie_type) {
         case LS_COOKIE_ID:
-            ND_TCHECK_2(p);
             l2info->bundle = l2info->cookie[1];
             l2info->proto = GET_BE_U_2(p);
             l2info->header_len += 2;
@@ -1536,7 +1529,6 @@ juniper_parse_header(netdissect_options *ndo,
     case DLT_JUNIPER_MFR:
         switch (l2info->cookie_type) {
         case LS_COOKIE_ID:
-            ND_TCHECK_2(p);
             l2info->bundle = l2info->cookie[1];
             l2info->proto = GET_BE_U_2(p);
             l2info->header_len += 2;
@@ -1606,7 +1598,7 @@ juniper_parse_header(netdissect_options *ndo,
         break;
     }
 
-    if (ndo->ndo_eflag > 1)
+    if (ndo->ndo_eflag)
         ND_PRINT("hlen %u, proto 0x%04x, ", l2info->header_len, l2info->proto);
 
     return 1; /* everything went ok so far. continue parsing */