X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/51670d19496d42a99ced7358dab6fbdce94b7708..ddc9d5bcaee247fbe928bccea800c02994a657c4:/print-vqp.c diff --git a/print-vqp.c b/print-vqp.c index e583f445..ebc25fc9 100644 --- a/print-vqp.c +++ b/print-vqp.c @@ -12,19 +12,18 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * support for the Cisco prop. VQP Protocol - * * Original code by Carles Kishimoto */ -#define NETDISSECT_REWORKED +/* \summary: Cisco VLAN Query Protocol (VQP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "addrtoname.h" @@ -44,16 +43,16 @@ */ struct vqp_common_header_t { - u_int8_t version; - u_int8_t msg_type; - u_int8_t error_code; - u_int8_t nitems; - u_int8_t sequence[4]; + uint8_t version; + uint8_t msg_type; + uint8_t error_code; + uint8_t nitems; + uint8_t sequence[4]; }; struct vqp_obj_tlv_t { - u_int8_t obj_type[4]; - u_int8_t obj_length[2]; + uint8_t obj_type[4]; + uint8_t obj_length[2]; }; #define VQP_OBJ_REQ_JOIN_PORT 0x01 @@ -98,21 +97,23 @@ static const struct tok vqp_obj_values[] = { }; void -vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) +vqp_print(netdissect_options *ndo, const u_char *pptr, u_int len) { const struct vqp_common_header_t *vqp_common_header; const struct vqp_obj_tlv_t *vqp_obj_tlv; const u_char *tptr; - u_int16_t vqp_obj_len; - u_int32_t vqp_obj_type; - int tlen; - u_int8_t nitems; + uint16_t vqp_obj_len; + uint32_t vqp_obj_type; + u_int tlen; + uint8_t nitems; tptr=pptr; tlen = len; vqp_common_header = (const struct vqp_common_header_t *)pptr; ND_TCHECK(*vqp_common_header); + if (sizeof(struct vqp_common_header_t) > tlen) + goto trunc; /* * Sanity checking of the header. @@ -141,19 +142,22 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l tok2str(vqp_msg_type_values, "unknown (%u)",vqp_common_header->msg_type), tok2str(vqp_error_code_values, "unknown (%u)",vqp_common_header->error_code), vqp_common_header->error_code, - EXTRACT_32BITS(&vqp_common_header->sequence), + EXTRACT_BE_U_4(&vqp_common_header->sequence), nitems, len)); /* skip VQP Common header */ - tptr+=sizeof(const struct vqp_common_header_t); - tlen-=sizeof(const struct vqp_common_header_t); + tptr+=sizeof(struct vqp_common_header_t); + tlen-=sizeof(struct vqp_common_header_t); while (nitems > 0 && tlen > 0) { vqp_obj_tlv = (const struct vqp_obj_tlv_t *)tptr; - vqp_obj_type = EXTRACT_32BITS(vqp_obj_tlv->obj_type); - vqp_obj_len = EXTRACT_16BITS(vqp_obj_tlv->obj_length); + ND_TCHECK(*vqp_obj_tlv); + if (sizeof(struct vqp_obj_tlv_t) > tlen) + goto trunc; + vqp_obj_type = EXTRACT_BE_U_4(vqp_obj_tlv->obj_type); + vqp_obj_len = EXTRACT_BE_U_2(vqp_obj_tlv->obj_length); tptr+=sizeof(struct vqp_obj_tlv_t); tlen-=sizeof(struct vqp_obj_tlv_t); @@ -167,12 +171,15 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l } /* did we capture enough for fully decoding the object ? */ - if (!ND_TTEST2(*tptr, vqp_obj_len)) + ND_TCHECK_LEN(tptr, vqp_obj_len); + if (vqp_obj_len > tlen) goto trunc; switch(vqp_obj_type) { case VQP_OBJ_IP_ADDRESS: - ND_PRINT((ndo, "%s (0x%08x)", ipaddr_string(tptr), EXTRACT_32BITS(tptr))); + if (vqp_obj_len != 4) + goto trunc; + ND_PRINT((ndo, "%s (0x%08x)", ipaddr_string(ndo, tptr), EXTRACT_BE_U_4(tptr))); break; /* those objects have similar semantics - fall through */ case VQP_OBJ_PORT_NAME: @@ -184,7 +191,9 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l /* those objects have similar semantics - fall through */ case VQP_OBJ_MAC_ADDRESS: case VQP_OBJ_MAC_NULL: - ND_PRINT((ndo, "%s", etheraddr_string(tptr))); + if (vqp_obj_len != MAC_ADDR_LEN) + goto trunc; + ND_PRINT((ndo, "%s", etheraddr_string(ndo, tptr))); break; default: if (ndo->ndo_vflag <= 1)