X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/5d85aa67ed0a3ade5096d58c75169b23e87ecb8a..refs/pull/482/head:/print-cdp.c?ds=inline

diff --git a/print-cdp.c b/print-cdp.c
index 880b81cd..96ef143b 100644
--- a/print-cdp.c
+++ b/print-cdp.c
@@ -24,23 +24,29 @@
  *    http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm
  */
 
-#define NETDISSECT_REWORKED
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
 
 #include <string.h>
 
-#include "interface.h"
+#include "netdissect.h"
 #include "addrtoname.h"
-#include "extract.h"			/* must come after interface.h */
+#include "extract.h"
 #include "nlpid.h"
 
 static const char tstr[] = "[|cdp]";
 
-#define CDP_HEADER_LEN  4
+#define CDP_HEADER_LEN             4
+#define CDP_HEADER_VERSION_OFFSET  0
+#define CDP_HEADER_TTL_OFFSET      1
+#define CDP_HEADER_CHECKSUM_OFFSET 2
+
+#define CDP_TLV_HEADER_LEN  4
+#define CDP_TLV_TYPE_OFFSET 0
+#define CDP_TLV_LEN_OFFSET  2
 
 static const struct tok cdp_tlv_values[] = {
     { 0x01,             "Device-ID"},
@@ -87,144 +93,167 @@ cdp_print(netdissect_options *ndo,
           const u_char *pptr, u_int length, u_int caplen)
 {
 	int type, len, i, j;
-        const u_char *tptr;
+	const u_char *tptr;
 
 	if (caplen < CDP_HEADER_LEN) {
 		ND_PRINT((ndo, "%s", tstr));
 		return;
 	}
 
-        tptr = pptr; /* temporary pointer */
+	tptr = pptr; /* temporary pointer */
 
-	if (!ND_TTEST2(*tptr, CDP_HEADER_LEN))
-		goto trunc;
-	ND_PRINT((ndo, "CDPv%u, ttl: %us", *tptr, *(tptr + 1)));
+	ND_TCHECK2(*tptr, CDP_HEADER_LEN);
+	ND_PRINT((ndo, "CDPv%u, ttl: %us", *(tptr + CDP_HEADER_VERSION_OFFSET),
+					   *(tptr + CDP_HEADER_TTL_OFFSET)));
 	if (ndo->ndo_vflag)
-		ND_PRINT((ndo, ", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length));
+		ND_PRINT((ndo, ", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_CHECKSUM_OFFSET), length));
 	tptr += CDP_HEADER_LEN;
 
 	while (tptr < (pptr+length)) {
+		ND_TCHECK2(*tptr, CDP_TLV_HEADER_LEN); /* read out Type and Length */
+		type = EXTRACT_16BITS(tptr+CDP_TLV_TYPE_OFFSET);
+		len  = EXTRACT_16BITS(tptr+CDP_TLV_LEN_OFFSET); /* object length includes the 4 bytes header length */
+		if (len < CDP_TLV_HEADER_LEN) {
+		    if (ndo->ndo_vflag)
+			ND_PRINT((ndo, "\n\t%s (0x%02x), TLV length: %u byte%s (too short)",
+			       tok2str(cdp_tlv_values,"unknown field type", type),
+			       type,
+			       len,
+			       PLURAL_SUFFIX(len))); /* plural */
+		    else
+			ND_PRINT((ndo, ", %s TLV length %u too short",
+			       tok2str(cdp_tlv_values,"unknown field type", type),
+			       len));
+		    break;
+		}
+		tptr += CDP_TLV_HEADER_LEN;
+		len -= CDP_TLV_HEADER_LEN;
 
-                if (!ND_TTEST2(*tptr, 4)) /* read out Type and Length */
-                    goto trunc;
-		type = EXTRACT_16BITS(tptr);
-		len  = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */
-                tptr += 4;
-                len -= 4;
-
-		if (!ND_TTEST2(*tptr, len))
-			goto trunc;
+		ND_TCHECK2(*tptr, len);
 
-                if (ndo->ndo_vflag || type == 1) { /* in non-verbose mode just print Device-ID */
+		if (ndo->ndo_vflag || type == 1) { /* in non-verbose mode just print Device-ID */
 
-                    if (ndo->ndo_vflag)
-                        ND_PRINT((ndo, "\n\t%s (0x%02x), length: %u byte%s: ",
-                               tok2str(cdp_tlv_values,"unknown field type", type),
-                               type,
-                               len,
-                               PLURAL_SUFFIX(len))); /* plural */
+		    if (ndo->ndo_vflag)
+			ND_PRINT((ndo, "\n\t%s (0x%02x), value length: %u byte%s: ",
+			       tok2str(cdp_tlv_values,"unknown field type", type),
+			       type,
+			       len,
+			       PLURAL_SUFFIX(len))); /* plural */
 
-                    switch (type) {
+		    switch (type) {
 
-                    case 0x01: /* Device-ID */
-                        if (!ndo->ndo_vflag)
-                            ND_PRINT((ndo, ", Device-ID "));
-                        ND_PRINT((ndo, "'"));
-                        fn_printn(tptr, len, NULL);
-                        ND_PRINT((ndo, "'"));
+		    case 0x01: /* Device-ID */
+			if (!ndo->ndo_vflag)
+			    ND_PRINT((ndo, ", Device-ID "));
+			ND_PRINT((ndo, "'"));
+			(void)fn_printn(ndo, tptr, len, NULL);
+			ND_PRINT((ndo, "'"));
 			break;
-                    case 0x02: /* Address */
-                        if (cdp_print_addr(ndo, tptr, len) < 0)
-                            goto trunc;
+		    case 0x02: /* Address */
+			if (cdp_print_addr(ndo, tptr, len) < 0)
+			    goto trunc;
 			break;
-                    case 0x03: /* Port-ID */
-                        ND_PRINT((ndo, "'"));
-                        fn_printn(tptr, len, NULL);
-                        ND_PRINT((ndo, "'"));
+		    case 0x03: /* Port-ID */
+			ND_PRINT((ndo, "'"));
+			(void)fn_printn(ndo, tptr, len, NULL);
+			ND_PRINT((ndo, "'"));
 			break;
-                    case 0x04: /* Capabilities */
+		    case 0x04: /* Capabilities */
+			if (len < 4)
+			    goto trunc;
 			ND_PRINT((ndo, "(0x%08x): %s",
-                               EXTRACT_32BITS(tptr),
-                               bittok2str(cdp_capability_values, "none", EXTRACT_32BITS(tptr))));
+			       EXTRACT_32BITS(tptr),
+			       bittok2str(cdp_capability_values, "none", EXTRACT_32BITS(tptr))));
 			break;
-                    case 0x05: /* Version */
-                        ND_PRINT((ndo, "\n\t  "));
-                        for (i=0;i<len;i++) {
-                            j = *(tptr+i);
-                            ND_PRINT((ndo, "%c", j));
-                            if (j == 0x0a) /* lets rework the version string to get a nice identation */
-                                ND_PRINT((ndo, "\t  "));
-                        }
+		    case 0x05: /* Version */
+			ND_PRINT((ndo, "\n\t  "));
+			for (i=0;i<len;i++) {
+			    j = *(tptr+i);
+			    ND_PRINT((ndo, "%c", j));
+			    if (j == 0x0a) /* lets rework the version string to get a nice indentation */
+				ND_PRINT((ndo, "\t  "));
+			}
 			break;
-                    case 0x06: /* Platform */
-                        ND_PRINT((ndo, "'"));
-                        fn_printn(tptr, len, NULL);
-                        ND_PRINT((ndo, "'"));
+		    case 0x06: /* Platform */
+			ND_PRINT((ndo, "'"));
+			(void)fn_printn(ndo, tptr, len, NULL);
+			ND_PRINT((ndo, "'"));
 			break;
-                    case 0x07: /* Prefixes */
+		    case 0x07: /* Prefixes */
 			if (cdp_print_prefixes(ndo, tptr, len) < 0)
-                            goto trunc;
+			    goto trunc;
 			break;
-                    case 0x08: /* Protocol Hello Option - not documented */
+		    case 0x08: /* Protocol Hello Option - not documented */
 			break;
-                    case 0x09: /* VTP Mgmt Domain  - not documented */
-                        ND_PRINT((ndo, "'"));
-                        fn_printn(tptr, len, NULL);
-                        ND_PRINT((ndo, "'"));
+		    case 0x09: /* VTP Mgmt Domain  - CDPv2 */
+			ND_PRINT((ndo, "'"));
+			(void)fn_printn(ndo, tptr, len, NULL);
+			ND_PRINT((ndo, "'"));
 			break;
-                    case 0x0a: /* Native VLAN ID - not documented */
+		    case 0x0a: /* Native VLAN ID - CDPv2 */
+			if (len < 2)
+			    goto trunc;
 			ND_PRINT((ndo, "%d", EXTRACT_16BITS(tptr)));
 			break;
-                    case 0x0b: /* Duplex - not documented */
+		    case 0x0b: /* Duplex - CDPv2 */
+			if (len < 1)
+			    goto trunc;
 			ND_PRINT((ndo, "%s", *(tptr) ? "full": "half"));
 			break;
 
-                    /* http://www.cisco.com/univercd/cc/td/doc/product/voice/ata/atarn/186rn21m.htm
-                     * plus more details from other sources
-                     */
-                    case 0x0e: /* ATA-186 VoIP VLAN request - incomplete doc. */
+		    /* http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cata/186/2_12_m/english/release/notes/186rn21m.html
+		     * plus more details from other sources
+		     */
+		    case 0x0e: /* ATA-186 VoIP VLAN request - incomplete doc. */
+			if (len < 3)
+			    goto trunc;
 			ND_PRINT((ndo, "app %d, vlan %d", *(tptr), EXTRACT_16BITS(tptr + 1)));
 			break;
-                    case 0x10: /* ATA-186 VoIP VLAN assignment - incomplete doc. */
+		    case 0x10: /* ATA-186 VoIP VLAN assignment - incomplete doc. */
 			ND_PRINT((ndo, "%1.2fW", cdp_get_number(tptr, len) / 1000.0));
 			break;
-                    case 0x11: /* MTU - not documented */
+		    case 0x11: /* MTU - not documented */
+			if (len < 4)
+			    goto trunc;
 			ND_PRINT((ndo, "%u bytes", EXTRACT_32BITS(tptr)));
 			break;
-                    case 0x12: /* AVVID trust bitmap - not documented */
+		    case 0x12: /* AVVID trust bitmap - not documented */
+			if (len < 1)
+			    goto trunc;
 			ND_PRINT((ndo, "0x%02x", *(tptr)));
 			break;
-                    case 0x13: /* AVVID untrusted port CoS - not documented */
+		    case 0x13: /* AVVID untrusted port CoS - not documented */
+			if (len < 1)
+			    goto trunc;
 			ND_PRINT((ndo, "0x%02x", *(tptr)));
 			break;
-                    case 0x14: /* System Name - not documented */
-                        ND_PRINT((ndo, "'"));
-                        fn_printn(tptr, len, NULL);
-                        ND_PRINT((ndo, "'"));
+		    case 0x14: /* System Name - not documented */
+			ND_PRINT((ndo, "'"));
+			(void)fn_printn(ndo, tptr, len, NULL);
+			ND_PRINT((ndo, "'"));
 			break;
-                    case 0x16: /* System Object ID - not documented */
+		    case 0x16: /* System Object ID - not documented */
 			if (cdp_print_addr(ndo, tptr, len) < 0)
 				goto trunc;
 			break;
-                    case 0x17: /* Physical Location - not documented */
+		    case 0x17: /* Physical Location - not documented */
+			if (len < 1)
+			    goto trunc;
 			ND_PRINT((ndo, "0x%02x", *(tptr)));
 			if (len > 1) {
 				ND_PRINT((ndo, "/"));
-	                        fn_printn(tptr + 1, len - 1, NULL);
-	                }
+				(void)fn_printn(ndo, tptr + 1, len - 1, NULL);
+			}
 			break;
-                    default:
-                        print_unknown_data(ndo, tptr, "\n\t  ", len);
-			break;
-                    }
-                }
-		/* avoid infinite loop */
-		if (len == 0)
+		    default:
+			print_unknown_data(ndo, tptr, "\n\t  ", len);
 			break;
+		    }
+		}
 		tptr = tptr+len;
 	}
-        if (ndo->ndo_vflag < 1)
-            ND_PRINT((ndo, ", length %u", caplen));
+	if (ndo->ndo_vflag < 1)
+	    ND_PRINT((ndo, ", length %u", caplen));
 
 	return;
 trunc:
@@ -244,17 +273,17 @@ trunc:
 
 static int
 cdp_print_addr(netdissect_options *ndo,
-               const u_char * p, int l)
+	       const u_char * p, int l)
 {
 	int pt, pl, al, num;
 	const u_char *endp = p + l;
-#ifdef INET6
 	static const u_char prot_ipv6[] = {
 		0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x86, 0xdd
 	};
-#endif
 
-	ND_TCHECK2(*p, 2);
+	ND_TCHECK2(*p, 4);
+	if (p + 4 > endp)
+		goto trunc;
 	num = EXTRACT_32BITS(p);
 	p += 4;
 
@@ -282,10 +311,9 @@ cdp_print_addr(netdissect_options *ndo,
 			ND_TCHECK2(*p, 4);
 			if (p + 4 > endp)
 				goto trunc;
-			ND_PRINT((ndo, "IPv4 (%u) %s", num, ipaddr_string(p)));
+			ND_PRINT((ndo, "IPv4 (%u) %s", num, ipaddr_string(ndo, p)));
 			p += 4;
 		}
-#ifdef INET6
 		else if (pt == PT_IEEE_802_2 && pl == 8 &&
 		    memcmp(p, prot_ipv6, 8) == 0 && al == 16) {
 			/*
@@ -299,10 +327,9 @@ cdp_print_addr(netdissect_options *ndo,
 			if (p + al > endp)
 				goto trunc;
 
-			ND_PRINT((ndo, "IPv6 (%u) %s", num, ip6addr_string(p)));
+			ND_PRINT((ndo, "IPv6 (%u) %s", num, ip6addr_string(ndo, p)));
 			p += al;
 		}
-#endif
 		else {
 			/*
 			 * Generic case: just print raw data
@@ -339,7 +366,7 @@ trunc:
 
 static int
 cdp_print_prefixes(netdissect_options *ndo,
-                   const u_char * p, int l)
+		   const u_char * p, int l)
 {
 	if (l % 5)
 		goto trunc;