X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4da3308f277b7cb520a0edf43b2cca2bc0ed2e29..HEAD:/print-ip6.c diff --git a/print-ip6.c b/print-ip6.c index 285fc979..269b41fb 100644 --- a/print-ip6.c +++ b/print-ip6.c @@ -21,9 +21,7 @@ /* \summary: IPv6 printer */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" @@ -246,16 +244,8 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) ND_PRINT(" "); } - if (IP6_VERSION(ip6) != 6) { - ND_PRINT("version error: %u != 6", IP6_VERSION(ip6)); - return; - } - - ND_TCHECK_SIZE(ip6); - if (length < sizeof (struct ip6_hdr)) { - ND_PRINT("truncated-ip6 %u", length); - return; - } + ND_ICHECK_ZU(length, <, sizeof (struct ip6_hdr)); + ND_ICHECKMSG_U("version", IP6_VERSION(ip6), !=, 6); payload_len = GET_BE_U_2(ip6->ip6_plen); /* @@ -282,9 +272,12 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) */ if (payload_len != 0) { len = payload_len + sizeof(struct ip6_hdr); - if (length < len) - ND_PRINT("truncated-ip6 - %u bytes missing!", - len - length); + if (len > length) { + ND_PRINT("[header+payload length %u > length %u]", + len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } } else len = length + sizeof(struct ip6_hdr); @@ -299,17 +292,20 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) if (flow & 0x000fffff) ND_PRINT("flowlabel 0x%05x, ", flow & 0x000fffff); - ND_PRINT("hlim %u, next-header %s (%u) payload length: %u) ", + ND_PRINT("hlim %u, next-header %s (%u), payload length %u) ", GET_U_1(ip6->ip6_hlim), tok2str(ipproto_values,"unknown",nh), nh, payload_len); } + ND_TCHECK_SIZE(ip6); /* - * Cut off the snapshot length to the end of the IP payload. + * Cut off the snapshot length to the end of the IP payload + * or the end of the data in which it's contained, whichever + * comes first. */ - if (!nd_push_snaplen(ndo, bp, len)) { + if (!nd_push_snaplen(ndo, bp, ND_MIN(length, len))) { (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, "%s: can't push snaplen on buffer stack", __func__); } @@ -332,7 +328,7 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) nh != IPPROTO_TCP && nh != IPPROTO_UDP && nh != IPPROTO_DCCP && nh != IPPROTO_SCTP) { ND_PRINT("%s > %s: ", GET_IP6ADDR_STRING(ip6->ip6_src), - GET_IP6ADDR_STRING(ip6->ip6_dst)); + GET_IP6ADDR_STRING(ip6->ip6_dst)); } switch (nh) { @@ -391,7 +387,7 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) case IPPROTO_MOBILITY_OLD: case IPPROTO_MOBILITY: /* - * XXX - we don't use "advance"; RFC 3775 says that + * RFC 3775 says that * the next header field in a mobility header * should be IPPROTO_NONE, but speaks of * the possibility of a future extension in @@ -438,9 +434,12 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) len = payload_len + sizeof(struct ip6_hdr); if (len < total_advance) goto trunc; - if (length < len) - ND_PRINT("truncated-ip6 - %u bytes missing!", - len - length); + if (len > length) { + ND_PRINT("[header+payload length %u > length %u]", + len, length); + nd_print_invalid(ndo); + ND_PRINT(" "); + } nd_change_snaplen(ndo, bp, len); /* @@ -501,4 +500,8 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length) return; trunc: nd_print_trunc(ndo); + return; + +invalid: + nd_print_invalid(ndo); }