X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/1cde6435df23876fb88998e38739def0dc7dca47..1fb50928ce27360c1c987312774f686b23c69b51:/print-ppp.c
diff --git a/print-ppp.c b/print-ppp.c
index c03ae881..ee8239c7 100644
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -22,6 +22,8 @@
 * complete PPP support.
 */
+/* \summary: Point to Point Protocol (PPP) printer */
+
 /*
 * TODO:
 * o resolve XXX as much as possible
@@ -29,12 +31,11 @@
 * o BAP support
 */
-#define NETDISSECT_REWORKED
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include
+#include
 #ifdef __bsdi__
 #include
@@ -43,7 +44,7 @@
 #include
-#include "interface.h"
+#include "netdissect.h"
 #include "extract.h"
 #include "addrtoname.h"
 #include "ppp.h"
@@ -548,7 +549,7 @@ handle_ctrl_proto(netdissect_options *ndo,
 /* RFC 1661 says this is intended to be human readable */
 if (len > 8) {
 ND_PRINT((ndo, "\n\t Message\n\t "));
- if (fn_printn(tptr + 4, len - 4, ndo->ndo_snapend))
+ if (fn_printn(ndo, tptr + 4, len - 4, ndo->ndo_snapend))
 goto trunc;
 }
 break;
@@ -738,9 +739,8 @@ print_lcp_config_options(netdissect_options *ndo,
 ND_PRINT((ndo, " (length bogus, should be = 9)"));
 return 0;
 }
- ND_TCHECK(p[8]);
- ND_PRINT((ndo, ": MAC %02x:%02x:%02x:%02x:%02x:%02x",
- p[3], p[4], p[5], p[6], p[7], p[8]));
+ ND_TCHECK2(*(p + 3), 6);
+ ND_PRINT((ndo, ": MAC %s", etheraddr_string(ndo, p + 3)));
 break;
 case MEDCLASS_MNB:
 ND_PRINT((ndo, ": Magic-Num-Block")); /* XXX */
@@ -806,8 +806,8 @@ static const struct tok ppp_ml_flag_values[] = {
 static void
 handle_mlppp(netdissect_options *ndo,
- const u_char *p, int length) {
-
+ const u_char *p, int length)
+{
 if (!ndo->ndo_eflag)
 ND_PRINT((ndo, "MLPPP, "));
@@ -944,6 +944,9 @@ handle_pap(netdissect_options *ndo,
 switch (code) {
 case PAP_AREQ:
+ /* A valid Authenticate-Request is 6 or more octets long. */
+ if (len < 6)
+ goto trunc;
 if (length - (p - p0) < 1)
 return;
 ND_TCHECK(*p);
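Review bot: In the `PAP_AREQ` case of `handle_pap`, `if (len < 6) goto trunc;` sends a too-small PAP Length field to the same label that the `ND_TCHECK` capture checks use, so the output cannot tell a malformed packet from one cut short by the snapshot length. The `trunc` label is outside the hunk, so this assumes it prints the usual truncation marker. A separate message would keep the two cases apart for anyone triaging a capture, for example `ND_PRINT((ndo, " (length bogus, should be >= 6)")); return;`, in the style `print_lcp_config_options` already uses. The `if (len < 5) goto trunc;` added for `PAP_AACK`/`PAP_ANAK` in the next hunk has the same issue, and whether `len` has already been validated against `length` is not visible in either hunk.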
@@ -972,6 +975,13 @@ handle_pap(netdissect_options *ndo,
 break;
 case PAP_AACK:
 case PAP_ANAK:
+ /* Although some implementations ignore truncation at
+ * this point and at least one generates a truncated
+ * packet, RFC 1334 section 2.2.2 clearly states that
+ * both AACK and ANAK are at least 5 bytes long.
+ */
+ if (len < 5)
+ goto trunc;
 if (length - (p - p0) < 1)
 return;
 ND_TCHECK(*p);
@@ -1242,8 +1252,8 @@ print_ccp_config_options(netdissect_options *ndo,
 }
 ND_TCHECK2(*(p + 2), 1);
 ND_PRINT((ndo, ": Features: %u, PxP: %s, History: %u, #CTX-ID: %u",
- (p[2] & 0xc0) >> 5,
- (p[2] & 0x200) ? "Enabled" : "Disabled",
+ (p[2] & 0xc0) >> 6,
+ (p[2] & 0x20) ? "Enabled" : "Disabled",
 p[2] & 0x1f, p[3]));
 break;
 case CCPOPT_DEFLATE:
@@ -1352,14 +1362,15 @@ static void
 ppp_hdlc(netdissect_options *ndo,
 const u_char *p, int length)
 {
- u_char *b, *s, *t, c;
+ u_char *b, *t, c;
+ const u_char *s;
 int i, proto;
 const void *se;
 if (length <= 0)
 return;
- b = (u_int8_t *)malloc(length);
+ b = (u_char *)malloc(length);
 if (b == NULL)
 return;
@@ -1368,14 +1379,13 @@ ppp_hdlc(netdissect_options *ndo,
 * Do this so that we dont overwrite the original packet
 * contents.
 */
- for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
+ for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
 c = *s++;
 if (c == 0x7d) {
- if (i > 1) {
- i--;
- c = *s++ ^ 0x20;
- } else
- continue;
+ if (i <= 1 || !ND_TTEST(*s))
+ break;
+ i--;
+ c = *s++ ^ 0x20;
 }
 *t++ = c;
 }
@@ -1393,11 +1403,9 @@ ppp_hdlc(netdissect_options *ndo,
 case PPP_IP:
 ip_print(ndo, b + 1, length - 1);
 goto cleanup;
-#ifdef INET6
 case PPP_IPV6:
 ip6_print(ndo, b + 1, length - 1);
 goto cleanup;
-#endif
 default: /* no luck - try next guess */
 break;
 }
@@ -1467,12 +1475,10 @@ handle_ppp(netdissect_options *ndo,
 case PPP_IP:
 ip_print(ndo, p, length);
 break;
-#ifdef INET6
 case ETHERTYPE_IPV6: /*XXX*/
 case PPP_IPV6:
 ip6_print(ndo, p, length);
 break;
-#endif
 case ETHERTYPE_IPX: /*XXX*/
 case PPP_IPX:
 ipx_print(ndo, p, length);
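Review bot: In `print_ccp_config_options`, the bounds check just above the changed lines, `ND_TCHECK2(*(p + 2), 1)`, covers only `p[2]`, but the `ND_PRINT` arguments also read `p[3]` for `#CTX-ID`, so a capture that ends right after `p[2]` is read one byte past the snapshot. Widening the check to `ND_TCHECK2(*(p + 2), 2);` covers both bytes. The option-length test that closes at the leading `}` is outside the hunk, so it is worth confirming that it requires at least 4 octets before this point.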
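Review bot: In the unescape loop of `ppp_hdlc`, the new early exits (`ND_TTEST(*s)` failing, or a trailing `0x7d`) leave `b` holding fewer than `length` valid bytes, and nothing in the hunk records or reports that. The code after the loop is outside the hunk; it needs to bound every read of `b` by `t - b` rather than by `length`, otherwise the printers are handed uninitialised bytes from `malloc`. I would add a comment above the loop such as `/* stop at the end of the captured data; only t - b bytes of b are valid afterwards */`, and consider printing a truncation marker when the loop ends because `ND_TTEST` failed, so the reader knows the frame was cut short.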
@@ -1675,6 +1681,11 @@ ppp_hdlc_if_print(netdissect_options *ndo,
 return (chdlc_if_print(ndo, h, p));
 default:
+ if (caplen < 4) {
+ ND_PRINT((ndo, "[|ppp]"));
+ return (caplen);
+ }
+
 if (ndo->ndo_eflag)
 ND_PRINT((ndo, "%02x %02x %d ", p[0], p[1], length));
 p += 2;
@@ -1703,7 +1714,7 @@ ppp_bsdos_if_print(netdissect_options *ndo _U_,
 #ifdef __bsdi__
 register u_int length = h->len;
 register u_int caplen = h->caplen;
- u_int16_t ptype;
+ uint16_t ptype;
 const u_char *q;
 int i;
@@ -1782,11 +1793,9 @@ ppp_bsdos_if_print(netdissect_options *ndo _U_,
 case PPP_IP:
 ip_print(ndo, p, length);
 break;
-#ifdef INET6
 case PPP_IPV6:
 ip6_print(ndo, p, length);
 break;
-#endif
 case PPP_MPLS_UCAST:
 case PPP_MPLS_MCAST:
 mpls_print(ndo, p, length);
@@ -1801,11 +1810,9 @@ ppp_bsdos_if_print(netdissect_options *ndo _U_,
 case PPP_IP:
 ip_print(ndo, p, length);
 break;
-#ifdef INET6
 case PPP_IPV6:
 ip6_print(ndo, p, length);
 break;
-#endif
 case PPP_MPLS_UCAST:
 case PPP_MPLS_MCAST:
 mpls_print(ndo, p, length);
@@ -1833,11 +1840,9 @@ ppp_bsdos_if_print(netdissect_options *ndo _U_,
 case PPP_IP:
 ip_print(p, length);
 break;
-#ifdef INET6
 case PPP_IPV6:
 ip6_print(ndo, p, length);
 break;
-#endif
 case PPP_MPLS_UCAST:
 case PPP_MPLS_MCAST:
 mpls_print(ndo, p, length);
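Review bot: In the `default:` branch of `ppp_hdlc_if_print`, the `4` in `if (caplen < 4)` is unexplained, and only two of those bytes (`p[0]` and `p[1]`) are read inside the hunk. The code after `p += 2` is outside the hunk, so the other two bytes are presumably the protocol field read there. A comment on the guard would pin that down for the next reader, for example `/* need the 2 bytes printed here plus the 2-byte protocol field that follows */`, adjusted to whatever the following code actually reads. Only `caplen` is tested here; if the later code also subtracts from `length`, it is worth confirming that `length` cannot go below what is consumed.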