X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/575802711065f9705c3c193eab0f8c7e60f7ee60..ae05d24b8704024d2331d03475a9e6a213b19c69:/print-tcp.c

diff --git a/print-tcp.c b/print-tcp.c
index 90f51a4c..025e50d2 100644
--- a/print-tcp.c
+++ b/print-tcp.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.114 2004-04-26 06:17:31 itojun Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.119 2004-12-27 00:41:31 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -30,8 +30,6 @@ static const char rcsid[] _U_ =
 
 #include <tcpdump-stdinc.h>
 
-#include <rpc/rpc.h>
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -47,12 +45,18 @@ static const char rcsid[] _U_ =
 #include "ip6.h"
 #endif
 #include "ipproto.h"
+#include "rpc_auth.h"
+#include "rpc_msg.h"
 
 #include "nameser.h"
 
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/md5.h>
 
+#define SIGNATURE_VALID		0
+#define SIGNATURE_INVALID	1
+#define CANT_CHECK_SIGNATURE	2
+
 static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
     const u_char *data, int length, const u_char *rcvsig);
 #endif
@@ -219,17 +223,18 @@ tcp_print(register const u_char *bp, register u_int length,
 	hlen = TH_OFF(tp) * 4;
 
 	/*
-	 * If data present and NFS port used, assume NFS.
+	 * If data present, header length valid, and NFS port used,
+	 * assume NFS.
 	 * Pass offset of data plus 4 bytes for RPC TCP msg length
 	 * to NFS print routines.
 	 */
-	if (!qflag) {
-		if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend &&
+	if (!qflag && hlen >= sizeof(*tp) && hlen <= length) {
+		if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend &&
 		    dport == NFS_PORT) {
 			nfsreq_print((u_char *)tp + hlen + 4, length - hlen,
 				     (u_char *)ip);
 			return;
-		} else if ((u_char *)tp + 4 + sizeof(struct rpc_msg)
+		} else if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg)
 			   <= snapend &&
 			   sport == NFS_PORT) {
 			nfsreply_print((u_char *)tp + hlen + 4, length - hlen,
@@ -264,6 +269,12 @@ tcp_print(register const u_char *bp, register u_int length,
 		}
 	}
 
+	if (hlen < sizeof(*tp)) {
+		(void)printf(" tcp %d [bad hdr length %u - too short, < %lu]",
+		    length - hlen, hlen, (unsigned long)sizeof(*tp));
+		return;
+	}
+
 	TCHECK(*tp);
 
 	seq = EXTRACT_32BITS(&tp->th_seq);
@@ -272,7 +283,11 @@ tcp_print(register const u_char *bp, register u_int length,
 	urp = EXTRACT_16BITS(&tp->th_urp);
 
 	if (qflag) {
-		(void)printf("tcp %d", length - TH_OFF(tp) * 4);
+		(void)printf("tcp %d", length - hlen);
+		if (hlen > length) {
+			(void)printf(" [bad hdr length %u - too long, > %u]",
+			    hlen, length);
+		}
 		return;
 	}
 	if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH|
@@ -398,7 +413,8 @@ tcp_print(register const u_char *bp, register u_int length,
 		thseq = thack = threv = 0;
 	}
 	if (hlen > length) {
-		(void)printf(" [bad hdr length]");
+		(void)printf(" [bad hdr length %u - too long, > %u]",
+		    hlen, length);
 		return;
 	}
 
@@ -577,11 +593,23 @@ tcp_print(register const u_char *bp, register u_int length,
 				datalen = TCP_SIGLEN;
 				LENCHECK(datalen);
 #ifdef HAVE_LIBCRYPTO
-				if (tcp_verify_signature(ip, tp,
-				    bp + TH_OFF(tp) * 4, length, cp) == 0)
+				switch (tcp_verify_signature(ip, tp,
+				    bp + TH_OFF(tp) * 4, length, cp)) {
+
+				case SIGNATURE_VALID:
 					(void)printf("valid");
-				else
+					break;
+
+				case SIGNATURE_INVALID:
 					(void)printf("invalid");
+					break;
+
+				case CANT_CHECK_SIGNATURE:
+					(void)printf("can't check - ");
+					for (i = 0; i < TCP_SIGLEN; ++i)
+						(void)printf("%02x", cp[i]);
+					break;
+				}
 #else
 				for (i = 0; i < TCP_SIGLEN; ++i)
 					(void)printf("%02x", cp[i]);
@@ -650,8 +678,9 @@ tcp_print(register const u_char *bp, register u_int length,
 		} else if (sport == MSDP_PORT || dport == MSDP_PORT) {
 			msdp_print(bp, length);
 		}
-                else if (sport == LDP_PORT || dport == LDP_PORT)
-                        printf(": LDP, length: %u", length);
+                else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) {
+                        ldp_print(bp, length);
+		}
 	}
 	return;
 bad:
@@ -711,14 +740,16 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
 	char zero_proto = 0;
 	MD5_CTX ctx;
 	u_int16_t savecsum, tlen;
+#ifdef INET6
 	struct ip6_hdr *ip6;
+#endif
 	u_int32_t len32;
 	u_int8_t nxt;
 
 	tp1 = *tp;
 
 	if (tcpmd5secret == NULL)
-		return (-1);
+		return (CANT_CHECK_SIGNATURE);
 
 	MD5_Init(&ctx);
 	/*
@@ -732,6 +763,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
 		tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4;
 		tlen = htons(tlen);
 		MD5_Update(&ctx, (char *)&tlen, sizeof(tlen));
+#ifdef INET6
 	} else if (IP_V(ip) == 6) {
 		ip6 = (struct ip6_hdr *)ip;
 		MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src));
@@ -744,8 +776,9 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
 		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
 		nxt = IPPROTO_TCP;
 		MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
+#endif
 	} else
-		return (-1);
+		return (CANT_CHECK_SIGNATURE);
 
 	/*
 	 * Step 2: Update MD5 hash with TCP header, excluding options.
@@ -766,6 +799,9 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
 	MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
 	MD5_Final(sig, &ctx);
 
-	return (memcmp(rcvsig, sig, 16));
+	if (memcmp(rcvsig, sig, 16))
+		return (SIGNATURE_VALID);
+	else
+		return (SIGNATURE_INVALID);
 }
 #endif /* HAVE_LIBCRYPTO */