X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/50dfa7ecebfef0f954f3ac2e6bbbf84ab468f848..HEAD:/print-eap.c diff --git a/print-eap.c b/print-eap.c index 04acccb2..174f9c94 100644 --- a/print-eap.c +++ b/print-eap.c @@ -20,12 +20,11 @@ /* \summary: Extensible Authentication Protocol (EAP) printer */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" @@ -42,11 +41,11 @@ struct eap_frame_t { }; static const struct tok eap_frame_type_values[] = { - { EAP_FRAME_TYPE_PACKET, "EAP packet" }, - { EAP_FRAME_TYPE_START, "EAPOL start" }, - { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" }, - { EAP_FRAME_TYPE_KEY, "EAPOL key" }, - { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" }, + { EAP_FRAME_TYPE_PACKET, "EAP packet" }, + { EAP_FRAME_TYPE_START, "EAPOL start" }, + { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" }, + { EAP_FRAME_TYPE_KEY, "EAPOL key" }, + { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" }, { 0, NULL} }; @@ -89,21 +88,21 @@ static const struct tok eap_type_values[] = { { EAP_TYPE_NO_PROPOSED, "No proposed" }, { EAP_TYPE_IDENTITY, "Identity" }, { EAP_TYPE_NOTIFICATION, "Notification" }, - { EAP_TYPE_NAK, "Nak" }, + { EAP_TYPE_NAK, "Nak" }, { EAP_TYPE_MD5_CHALLENGE, "MD5-challenge" }, - { EAP_TYPE_OTP, "OTP" }, - { EAP_TYPE_GTC, "GTC" }, - { EAP_TYPE_TLS, "TLS" }, - { EAP_TYPE_SIM, "SIM" }, - { EAP_TYPE_TTLS, "TTLS" }, - { EAP_TYPE_AKA, "AKA" }, - { EAP_TYPE_FAST, "FAST" }, + { EAP_TYPE_OTP, "OTP" }, + { EAP_TYPE_GTC, "GTC" }, + { EAP_TYPE_TLS, "TLS" }, + { EAP_TYPE_SIM, "SIM" }, + { EAP_TYPE_TTLS, "TTLS" }, + { EAP_TYPE_AKA, "AKA" }, + { EAP_TYPE_FAST, "FAST" }, { EAP_TYPE_EXPANDED_TYPES, "Expanded types" }, { EAP_TYPE_EXPERIMENTAL, "Experimental" }, { 0, NULL} }; -#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7) +#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7) /* RFC 5216 - EAP TLS bits */ #define EAP_TLS_FLAGS_LEN_INCLUDED (1 << 7) @@ -149,14 +148,17 @@ static const struct tok eap_aka_subtype_values[] = { void eap_print(netdissect_options *ndo, const u_char *cp, - u_int length) + const u_int length) { u_int type, subtype, len; u_int count; + const char *sep; + ndo->ndo_protocol = "eap"; type = GET_U_1(cp); len = GET_BE_U_2(cp + 2); - if(len != length) { + ND_ICHECK_U(len, <, 4); + if (len != length) { /* * Probably a fragment; in some cases the fragmentation might * not put an EAP header on every packet, if reassembly can @@ -171,19 +173,12 @@ eap_print(netdissect_options *ndo, type, GET_U_1((cp + 1)), len); - if (len < 4) { - ND_PRINT(" (too short for EAP header)"); - return; - } ND_TCHECK_LEN(cp, len); if (type == EAP_REQUEST || type == EAP_RESPONSE) { /* RFC 3748 Section 4.1 */ - if (len < 5) { - ND_PRINT(" (too short for EAP request/response)"); - return; - } + ND_ICHECK_U(len, <, 5); subtype = GET_U_1(cp + 4); ND_PRINT("\n\t\t Type %s (%u)", tok2str(eap_type_values, "unknown", subtype), @@ -192,7 +187,7 @@ eap_print(netdissect_options *ndo, switch (subtype) { case EAP_TYPE_IDENTITY: /* According to RFC 3748, the message is optional */ - if (len > 5 ) { + if (len > 5) { ND_PRINT(", Identity: "); nd_printjnp(ndo, cp + 5, len - 5); } @@ -200,10 +195,7 @@ eap_print(netdissect_options *ndo, case EAP_TYPE_NOTIFICATION: /* According to RFC 3748, there must be at least one octet of message */ - if (len < 6) { - ND_PRINT(" (too short for EAP Notification request/response)"); - return; - } + ND_ICHECK_U(len, <, 6); ND_PRINT(", Notification: "); nd_printjnp(ndo, cp + 5, len - 5); break; @@ -214,56 +206,43 @@ eap_print(netdissect_options *ndo, * the desired authentication * type one octet per type */ - if (len < 6) { - ND_PRINT(" (too short for EAP Legacy NAK request/response)"); - return; - } + ND_ICHECK_U(len, <, 6); + sep = ""; for (count = 5; count < len; count++) { - ND_PRINT(" %s (%u),", + ND_PRINT("%s %s (%u)", sep, tok2str(eap_type_values, "unknown", GET_U_1((cp + count))), GET_U_1(cp + count)); + sep = ","; } break; case EAP_TYPE_TTLS: case EAP_TYPE_TLS: - if (len < 6) { - ND_PRINT(" (too short for EAP TLS/TTLS request/response)"); - return; - } + ND_ICHECK_U(len, <, 6); if (subtype == EAP_TYPE_TTLS) ND_PRINT(" TTLSv%u", EAP_TTLS_VERSION(GET_U_1((cp + 5)))); - ND_PRINT(" flags [%s] 0x%02x,", + ND_PRINT(" flags [%s] 0x%02x", bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))), GET_U_1(cp + 5)); if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) { - if (len < 10) { - ND_PRINT(" (too short for EAP TLS/TTLS request/response with length)"); - return; - } - ND_PRINT(" len %u", GET_BE_U_4(cp + 6)); + ND_ICHECK_U(len, <, 10); + ND_PRINT(", len %u", GET_BE_U_4(cp + 6)); } break; case EAP_TYPE_FAST: - if (len < 6) { - ND_PRINT(" (too short for EAP FAST request/response)"); - return; - } + ND_ICHECK_U(len, <, 6); ND_PRINT(" FASTv%u", EAP_TTLS_VERSION(GET_U_1((cp + 5)))); - ND_PRINT(" flags [%s] 0x%02x,", + ND_PRINT(" flags [%s] 0x%02x", bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))), GET_U_1(cp + 5)); if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) { - if (len < 10) { - ND_PRINT(" (too short for EAP FAST request/response with length)"); - return; - } - ND_PRINT(" len %u", GET_BE_U_4(cp + 6)); + ND_ICHECK_U(len, <, 10); + ND_PRINT(", len %u", GET_BE_U_4(cp + 6)); } /* FIXME - TLV attributes follow */ @@ -271,11 +250,8 @@ eap_print(netdissect_options *ndo, case EAP_TYPE_AKA: case EAP_TYPE_SIM: - if (len < 6) { - ND_PRINT(" (too short for EAP SIM/AKA request/response)"); - return; - } - ND_PRINT(" subtype [%s] 0x%02x,", + ND_ICHECK_U(len, <, 6); + ND_PRINT(" subtype [%s] 0x%02x", tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))), GET_U_1(cp + 5)); @@ -292,8 +268,9 @@ eap_print(netdissect_options *ndo, } } return; -trunc: - nd_print_trunc(ndo); + +invalid: + nd_print_invalid(ndo); } void @@ -305,7 +282,6 @@ eapol_print(netdissect_options *ndo, ndo->ndo_protocol = "eap"; eap = (const struct eap_frame_t *)cp; - ND_TCHECK_SIZE(eap); eap_type = GET_U_1(eap->type); ND_PRINT("%s (%u) v%u, len %u", @@ -322,10 +298,10 @@ eapol_print(netdissect_options *ndo, switch (eap_type) { case EAP_FRAME_TYPE_PACKET: if (eap_len == 0) - goto trunc; + goto invalid; ND_PRINT(", "); eap_print(ndo, cp, eap_len); - return; + break; case EAP_FRAME_TYPE_LOGOFF: case EAP_FRAME_TYPE_ENCAP_ASF_ALERT: default: @@ -333,6 +309,6 @@ eapol_print(netdissect_options *ndo, } return; - trunc: - nd_print_trunc(ndo); +invalid: + nd_print_invalid(ndo); }