do not auto-hexdump loopback packets as the payload is uninteresting

[tcpdump] / print-rsvp.c

diff --git a/print-rsvp.c b/print-rsvp.c
index e9dd28144f101ebe20a871cf5f7e61fc2e74324d..c3afeb69c70806c55c6aeb71d55a67784bde6ea6 100644 (file)
--- a/print-rsvp.c
+++ b/print-rsvp.c
@@ -15,7 +15,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-rsvp.c,v 1.33 2005-01-13 07:08:54 hannes Exp $";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-rsvp.c,v 1.33.2.3 2005-06-16 00:50:12 guy Exp $";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -548,7 +548,7 @@ rsvp_obj_print (const u_char *tptr, const char *ident, u_int tlen) {
     } bw;
     u_int8_t namelen;
 
-    while(tlen>0) {
+    while(tlen>=sizeof(struct rsvp_object_header)) {
         /* did we capture enough for fully decoding the object header ? */
         if (!TTEST2(*tptr, sizeof(struct rsvp_object_header)))
             goto trunc;
@@ -557,8 +557,12 @@ rsvp_obj_print (const u_char *tptr, const char *ident, u_int tlen) {
         rsvp_obj_len=EXTRACT_16BITS(rsvp_obj_header->length);
         rsvp_obj_ctype=rsvp_obj_header->ctype;
 
-        if(rsvp_obj_len % 4 || rsvp_obj_len < sizeof(struct rsvp_object_header)) {
-            printf("ERROR: object header too short %u < %lu", rsvp_obj_len,
+        if(rsvp_obj_len % 4) {
+            printf("%sERROR: object header size %u not a multiple of 4", ident, rsvp_obj_len);
+            return -1;
+        }
+        if(rsvp_obj_len < sizeof(struct rsvp_object_header)) {
+            printf("%sERROR: object header too short %u < %lu", ident, rsvp_obj_len,
                    (unsigned long)sizeof(const struct rsvp_object_header));
             return -1;
         }
@@ -582,6 +586,11 @@ rsvp_obj_print (const u_char *tptr, const char *ident, u_int tlen) {
                rsvp_obj_ctype,
                rsvp_obj_len);
     
+        if(tlen < rsvp_obj_len) {
+            printf("%sERROR: object goes past end of objects TLV", ident);
+            return -1;
+        }
+
         obj_tptr=tptr+sizeof(struct rsvp_object_header);
         obj_tlen=rsvp_obj_len-sizeof(struct rsvp_object_header);
 
@@ -883,11 +892,18 @@ rsvp_obj_print (const u_char *tptr, const char *ident, u_int tlen) {
             switch(rsvp_obj_ctype) {
             case RSVP_CTYPE_IPV4:
                 while(obj_tlen >= 4 ) {
-                    printf("%s  Subobject Type: %s",
+                    printf("%s  Subobject Type: %s, length %u",
                            ident,
                            tok2str(rsvp_obj_xro_values,
                                    "Unknown %u",
-                                   RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)));                
+                                   RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)),
+                           *(obj_tptr+1));                
+
+                    if (*(obj_tptr+1) == 0) { /* prevent infinite loops */
+                        printf("%s  ERROR: zero length ERO subtype",ident);
+                        break;
+                    }
+
                     switch(RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)) {
                     case RSVP_OBJ_XRO_IPV4:
                         printf(", %s, %s/%u, Flags: [%s]",
@@ -1261,6 +1277,8 @@ rsvp_obj_print (const u_char *tptr, const char *ident, u_int tlen) {
                            *(obj_tptr+1));
                     if (obj_tlen < *(obj_tptr+1))
                         return-1;
+                    if (*(obj_tptr+1) < 2)
+                        return -1;
                     print_unknown_data(obj_tptr+2,"\n\t\t",*(obj_tptr+1)-2);
                     obj_tlen-=*(obj_tptr+1);
                     obj_tptr+=*(obj_tptr+1);
@@ -1415,6 +1433,12 @@ rsvp_print(register const u_char *pptr, register u_int len) {
                 return;
             }
 
+            if (tlen < subtlen) {
+                printf("ERROR: common header too large %u > %u", subtlen,
+                       tlen);
+                return;
+            }
+
             subtptr+=sizeof(const struct rsvp_common_header);
             subtlen-=sizeof(const struct rsvp_common_header);