X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/60a835d80f4b6c12dbe2d38fe4ca2de16f3302dc..72ca42c7f3e691bbf29dcd1449c95c0744e7287b:/print-eigrp.c?ds=sidebyside diff --git a/print-eigrp.c b/print-eigrp.c index cab77ba5..aa113415 100644 --- a/print-eigrp.c +++ b/print-eigrp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2004 Hannes Gredler + * Copyright (c) 1998-2004 Hannes Gredler * The TCPDUMP project * * Redistribution and use in source and binary forms, with or without @@ -14,22 +14,24 @@ * FOR A PARTICULAR PURPOSE. */ -#define NETDISSECT_REWORKED +/* \summary: Enhanced Interior Gateway Routing Protocol (EIGRP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include #include -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "addrtoname.h" /* * packet format documented at * http://www.rhyshaden.com/eigrp.htm + * RFC 7868 */ struct eigrp_common_header { @@ -245,6 +247,12 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int /* ok they seem to want to know everything - lets fully decode it */ + if (len < sizeof(struct eigrp_common_header)) { + ND_PRINT((ndo, "EIGRP %s, length: %u (too short, < %u)", + tok2str(eigrp_opcode_values, "unknown (%u)",eigrp_com_header->opcode), + len, (u_int) sizeof(struct eigrp_common_header))); + return; + } tlen=len-sizeof(struct eigrp_common_header); /* FIXME print other header info */ @@ -285,6 +293,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int eigrp_tlv_type, eigrp_tlv_len)); + if (eigrp_tlv_len < sizeof(struct eigrp_tlv_header)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) sizeof(struct eigrp_tlv_header))); + break; + } tlv_tptr=tptr+sizeof(struct eigrp_tlv_header); tlv_tlen=eigrp_tlv_len-sizeof(struct eigrp_tlv_header); @@ -295,6 +308,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_GENERAL_PARM: tlv_ptr.eigrp_tlv_general_parm = (const struct eigrp_tlv_general_parm_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_general_parm)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_general_parm)))); + break; + } ND_PRINT((ndo, "\n\t holdtime: %us, k1 %u, k2 %u, k3 %u, k4 %u, k5 %u", EXTRACT_16BITS(tlv_ptr.eigrp_tlv_general_parm->holdtime), @@ -307,6 +325,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_SW_VERSION: tlv_ptr.eigrp_tlv_sw_version = (const struct eigrp_tlv_sw_version_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_sw_version)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_sw_version)))); + break; + } ND_PRINT((ndo, "\n\t IOS version: %u.%u, EIGRP version %u.%u", tlv_ptr.eigrp_tlv_sw_version->ios_major, @@ -317,6 +340,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_IP_INT: tlv_ptr.eigrp_tlv_ip_int = (const struct eigrp_tlv_ip_int_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_ip_int)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_ip_int)))); + break; + } bit_length = tlv_ptr.eigrp_tlv_ip_int->plen; if (bit_length > 32) { @@ -346,6 +374,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_IP_EXT: tlv_ptr.eigrp_tlv_ip_ext = (const struct eigrp_tlv_ip_ext_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_ip_ext)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_ip_ext)))); + break; + } bit_length = tlv_ptr.eigrp_tlv_ip_ext->plen; if (bit_length > 32) { @@ -383,6 +416,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_AT_CABLE_SETUP: tlv_ptr.eigrp_tlv_at_cable_setup = (const struct eigrp_tlv_at_cable_setup_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_cable_setup)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_cable_setup)))); + break; + } ND_PRINT((ndo, "\n\t Cable-range: %u-%u, Router-ID %u", EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_cable_setup->cable_start), @@ -392,6 +430,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_AT_INT: tlv_ptr.eigrp_tlv_at_int = (const struct eigrp_tlv_at_int_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_int)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_int)))); + break; + } ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_int->cable_start), @@ -415,6 +458,11 @@ eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int case EIGRP_TLV_AT_EXT: tlv_ptr.eigrp_tlv_at_ext = (const struct eigrp_tlv_at_ext_t *)tlv_tptr; + if (tlv_tlen < sizeof(*tlv_ptr.eigrp_tlv_at_ext)) { + ND_PRINT((ndo, " (too short, < %u)", + (u_int) (sizeof(struct eigrp_tlv_header) + sizeof(*tlv_ptr.eigrp_tlv_at_ext)))); + break; + } ND_PRINT((ndo, "\n\t Cable-Range: %u-%u, nexthop: ", EXTRACT_16BITS(&tlv_ptr.eigrp_tlv_at_ext->cable_start),