X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/64e8f9a9ed91a3cbfa8e66367f87ef50a1d62b99..c39d40a767a1ae36171e5bcbf6f157ff3e80fb6c:/print-l2tp.c?ds=sidebyside
diff --git a/print-l2tp.c b/print-l2tp.c
index 0d464544..024705f8 100644
--- a/print-l2tp.c
+++ b/print-l2tp.c
@@ -31,6 +31,7 @@
 #include "netdissect-stdinc.h"
+#define ND_LONGJMP_FROM_TCHECK
 #include "netdissect.h"
 #include "extract.h"
@@ -572,18 +573,18 @@ l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 int hidden = FALSE;
 ND_PRINT(" ");
-
- ND_TCHECK_2(dat); /* Flags & Length */
+ /* Flags & Length */
 len = GET_BE_U_2(dat) & L2TP_AVP_HDR_LEN_MASK;
 /* If it is not long enough to contain the header, we'll give up. */
- if (len < 6)
- goto trunc;
+ ND_LCHECKMSG_U(len, 6, "AVP length");
 /* If it goes past the end of the remaining length of the packet, we'll give up. */
- if (len > (u_int)length)
- goto trunc;
+ if (len > length) {
+ ND_PRINT(" (len > %u)", length);
+ goto invalid;
+ }
 /* If it goes past the end of the remaining length of the captured data, we'll give up. */
@@ -728,8 +729,7 @@ l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 return (len);
- trunc:
- nd_print_trunc(ndo);
+invalid:
 return (0);
 }
@@ -746,7 +746,6 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 ndo->ndo_protocol = "l2tp";
 flag_t = flag_l = flag_s = flag_o = FALSE;
- ND_TCHECK_2(ptr); /* Flags & Version */
 if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
 ND_PRINT(" l2tp:");
 } else if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
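Review bot: In the `@@ -572,18 +573,18 @@` hunk of l2tp_avp_print, the new `len > length` branch prints only the remaining packet length, so the output never shows the AVP length that failed the check, while the `ND_LCHECKMSG_U(len, 6, "AVP length")` line just above it names the field. Printing both values, for example `ND_PRINT(" (AVP length %u > %u)", len, length);`, lets a malformed AVP be identified from the output alone. The body of l2tp_avp_print continues outside this hunk.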
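Review bot: The `invalid:` label added in the `@@ -728,8 +729,7 @@` hunk returns 0 with no comment, and that 0 is the only signal the caller gets, since l2tp_print tests `avp_length == 0` in the `@@ -844,10 +840,7 @@` hunk. The sentinel is sound because the earlier length check rejects any AVP shorter than 6 octets, but that reasoning is not written down anywhere near the label. A comment on the return would record it, for example `/* 0 = invalid AVP; a valid AVP is at least 6 octets long */`.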
@@ -782,37 +781,34 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 cnt += 2;
 if (flag_l) {
- ND_TCHECK_2(ptr); /* Length */
 l2tp_len = GET_BE_U_2(ptr);
 ptr += 2;
 cnt += 2;
 } else {
 l2tp_len = 0;
 }
-
- ND_TCHECK_2(ptr); /* Tunnel ID */
+ /* Tunnel ID */
 ND_PRINT("(%u/", GET_BE_U_2(ptr));
 ptr += 2;
 cnt += 2;
- ND_TCHECK_2(ptr); /* Session ID */
+ /* Session ID */
 ND_PRINT("%u)", GET_BE_U_2(ptr));
 ptr += 2;
 cnt += 2;
 if (flag_s) {
- ND_TCHECK_2(ptr); /* Ns */
 ND_PRINT("Ns=%u,", GET_BE_U_2(ptr));
 ptr += 2;
 cnt += 2;
- ND_TCHECK_2(ptr); /* Nr */
 ND_PRINT("Nr=%u", GET_BE_U_2(ptr));
 ptr += 2;
 cnt += 2;
 }
- if (flag_o) {
- ND_TCHECK_2(ptr); /* Offset Size */
+ if (flag_o) { /* Offset Size */
 pad = GET_BE_U_2(ptr);
+ /* Offset padding octets in packet buffer? */
+ ND_TCHECK_LEN(ptr + 2, pad);
 ptr += (2 + pad);
 cnt += (2 + pad);
 }
@@ -820,18 +816,18 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 if (flag_l) {
 if (length < l2tp_len) {
 ND_PRINT(" Length %u larger than packet", l2tp_len);
- return;
+ goto invalid;
 }
 length = l2tp_len;
 }
 if (length < cnt) {
 ND_PRINT(" Length %u smaller than header length", length);
- return;
+ goto invalid;
 }
 if (flag_t) {
 if (!flag_l) {
 ND_PRINT(" No length");
- return;
+ goto invalid;
 }
 if (length - cnt == 0) {
 ND_PRINT(" ZLB");
@@ -844,10 +840,7 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 avp_length = l2tp_avp_print(ndo, ptr, length - cnt);
 if (avp_length == 0) {
- /*
- * Truncated.
- */
- break;
+ goto invalid;
 }
 cnt += avp_length;
 ptr += avp_length;
@@ -858,9 +851,7 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
 ppp_print(ndo, ptr, length - cnt);
 ND_PRINT("}");
 }
- return;
-
- trunc:
- nd_print_trunc(ndo);
+invalid:
+ nd_print_invalid(ndo);
 }
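Review bot: The comment added above `ND_TCHECK_LEN(ptr + 2, pad);` in the `@@ -782,37 +781,34 @@` hunk is phrased as a question, which leaves it unclear whether the check is settled or still a to-do. Since `pad` is read straight from the packet and then added to `ptr`, a declarative comment would state what the line guarantees, for example `/* The offset padding must lie within the captured data. */`. l2tp_print starts and ends outside this hunk.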
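Review bot: As shown in the `@@ -858,9 +851,7 @@` hunk, the `return;` that preceded the old `trunc:` label is removed and nothing replaces it, so the normal path falls through from the closing brace of the `else` into `invalid:`. That means `nd_print_invalid(ndo)` runs for every packet, well-formed or not, which makes the invalid marker useless as a signal of malformed input. Keep the early exit by putting `return;` on the line before `invalid:`. The start of l2tp_print is outside this hunk.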