C compilers can, and some do, optimize away pointer underflow checks.

[tcpdump] / print-udp.c

diff --git a/print-udp.c b/print-udp.c
index f534c1bb459e708bbe5dc392412804d6554dde08..8f07ef7de4665cbe11fddacaf9e22fe2093aaf4a 100644 (file)
--- a/print-udp.c
+++ b/print-udp.c
@@ -33,7 +33,6 @@ static const char rcsid[] _U_ =
 #ifdef SEGSIZE
 #undef SEGSIZE
 #endif
-#include <arpa/tftp.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -438,7 +437,6 @@ udp_print(register const u_char *bp, u_int length,
        else
                ip6 = NULL;
 #endif /*INET6*/
-       cp = (u_char *)(up + 1);
        if (!TTEST(up->uh_dport)) {
                udpipaddr_print(ip, -1, -1);
                (void)printf("[|udp]");
@@ -453,20 +451,24 @@ udp_print(register const u_char *bp, u_int length,
                (void)printf("truncated-udp %d", length);
                return;
        }
-       length -= sizeof(struct udphdr);
-
-       if (cp > snapend) {
+       ulen = EXTRACT_16BITS(&up->uh_ulen);
+       if (ulen < sizeof(struct udphdr)) {
                udpipaddr_print(ip, sport, dport);
-               (void)printf("[|udp]");
+               printf("truncated-udplength %d", ulen);
                return;
        }
+       ulen -= sizeof(struct udphdr);
+       length -= sizeof(struct udphdr);
+       if (ulen < length)
+               length = ulen;
 
-       ulen = EXTRACT_16BITS(&up->uh_ulen);
-       if (ulen < 8) {
+       cp = (u_char *)(up + 1);
+       if (cp > snapend) {
                udpipaddr_print(ip, sport, dport);
-               (void)printf("truncated-udplength %d", ulen);
+               printf("[|udp]");
                return;
        }
+
        if (packettype) {
                register struct sunrpc_msg *rp;
                enum sunrpc_msg_type direction;
@@ -568,7 +570,7 @@ udp_print(register const u_char *bp, u_int length,
        }
        udpipaddr_print(ip, sport, dport);
 
-       if (IP_V(ip) == 4 && (vflag > 1) && !fragmented) {
+       if (IP_V(ip) == 4 && (vflag > 1) && !Kflag && !fragmented) {
                int sum = up->uh_sum;
                if (sum == 0) {
                        (void)printf("[no cksum] ");
@@ -581,7 +583,7 @@ udp_print(register const u_char *bp, u_int length,
                }
        }
 #ifdef INET6
-       if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !fragmented) {
+       if (IP_V(ip) == 6 && ip6->ip6_plen && vflag && !Kflag && !fragmented) {
                int sum = up->uh_sum;
                /* for IPv6, UDP checksum is mandatory */
                if (TTEST2(cp[0], length)) {
@@ -672,11 +674,16 @@ udp_print(register const u_char *bp, u_int length,
                        hsrp_print((const u_char *)(up + 1), length);
                else if (ISPORT(LWRES_PORT))
                        lwres_print((const u_char *)(up + 1), length);
-                else if (ISPORT(LDP_PORT))
+               else if (ISPORT(LDP_PORT))
                        ldp_print((const u_char *)(up + 1), length);
-                else if (ISPORT(OLSR_PORT))
-                       olsr_print((const u_char *)(up + 1), length);
-                else if (ISPORT(MPLS_LSP_PING_PORT))
+               else if (ISPORT(OLSR_PORT))
+                       olsr_print((const u_char *)(up + 1), length,
+#if INET6
+                                       (IP_V(ip) == 6) ? 1 : 0);
+#else
+                                       0);
+#endif
+               else if (ISPORT(MPLS_LSP_PING_PORT))
                        lspping_print((const u_char *)(up + 1), length);
                else if (dport == BFD_CONTROL_PORT ||
                         dport == BFD_ECHO_PORT )
@@ -697,12 +704,21 @@ udp_print(register const u_char *bp, u_int length,
                        sip_print((const u_char *)(up + 1), length);
                 else if (ISPORT(SYSLOG_PORT))
                        syslog_print((const u_char *)(up + 1), length);
-               else
-                       (void)printf("UDP, length %u",
-                           (u_int32_t)(ulen - sizeof(*up)));
+               else {
+                       if (ulen > length)
+                               printf("UDP, bad length %u > %u",
+                                   ulen, length);
+                       else
+                               printf("UDP, length %u", ulen);
+               }
 #undef ISPORT
-       } else
-               (void)printf("UDP, length %u", (u_int32_t)(ulen - sizeof(*up)));
+       } else {
+               if (ulen > length)
+                       printf("UDP, bad length %u > %u",
+                           ulen, length);
+               else
+                       printf("UDP, length %u", ulen);
+       }
 }