X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/7885cfa165458a05ef818c34ee03affc79f03725..a63600a1fc28dbc7ae7ce9f996829c49a25fb33c:/print-l2tp.c diff --git a/print-l2tp.c b/print-l2tp.c index 0d464544..a5cc378b 100644 --- a/print-l2tp.c +++ b/print-l2tp.c @@ -31,6 +31,7 @@ #include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" @@ -87,7 +88,7 @@ #define L2TP_MSGTYPE_SLI 16 /* Set-Link-Info */ static const struct tok l2tp_msgtype2str[] = { - { L2TP_MSGTYPE_SCCRQ, "SCCRQ" }, + { L2TP_MSGTYPE_SCCRQ, "SCCRQ" }, { L2TP_MSGTYPE_SCCRP, "SCCRP" }, { L2TP_MSGTYPE_SCCCN, "SCCCN" }, { L2TP_MSGTYPE_STOPCCN, "StopCCN" }, @@ -113,17 +114,17 @@ static const struct tok l2tp_msgtype2str[] = { #define L2TP_AVP_FIRM_VER 6 /* Firmware Revision */ #define L2TP_AVP_HOST_NAME 7 /* Host Name */ #define L2TP_AVP_VENDOR_NAME 8 /* Vendor Name */ -#define L2TP_AVP_ASSND_TUN_ID 9 /* Assigned Tunnel ID */ +#define L2TP_AVP_ASSND_TUN_ID 9 /* Assigned Tunnel ID */ #define L2TP_AVP_RECV_WIN_SIZE 10 /* Receive Window Size */ #define L2TP_AVP_CHALLENGE 11 /* Challenge */ #define L2TP_AVP_Q931_CC 12 /* Q.931 Cause Code */ #define L2TP_AVP_CHALLENGE_RESP 13 /* Challenge Response */ -#define L2TP_AVP_ASSND_SESS_ID 14 /* Assigned Session ID */ -#define L2TP_AVP_CALL_SER_NUM 15 /* Call Serial Number */ +#define L2TP_AVP_ASSND_SESS_ID 14 /* Assigned Session ID */ +#define L2TP_AVP_CALL_SER_NUM 15 /* Call Serial Number */ #define L2TP_AVP_MINIMUM_BPS 16 /* Minimum BPS */ #define L2TP_AVP_MAXIMUM_BPS 17 /* Maximum BPS */ #define L2TP_AVP_BEARER_TYPE 18 /* Bearer Type */ -#define L2TP_AVP_FRAMING_TYPE 19 /* Framing Type */ +#define L2TP_AVP_FRAMING_TYPE 19 /* Framing Type */ #define L2TP_AVP_PACKET_PROC_DELAY 20 /* Packet Processing Delay (OBSOLETE) */ #define L2TP_AVP_CALLED_NUMBER 21 /* Called Number */ #define L2TP_AVP_CALLING_NUMBER 22 /* Calling Number */ @@ -143,7 +144,7 @@ static const struct tok l2tp_msgtype2str[] = { #define L2TP_AVP_RANDOM_VECTOR 36 /* Random Vector */ #define L2TP_AVP_PRIVATE_GRP_ID 37 /* Private Group ID */ #define L2TP_AVP_RX_CONN_SPEED 38 /* (Rx) Connect Speed */ -#define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required */ +#define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required */ #define L2TP_AVP_PPP_DISCON_CC 46 /* PPP Disconnect Cause Code - RFC 3145 */ static const struct tok l2tp_avp2str[] = { @@ -572,18 +573,18 @@ l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length) int hidden = FALSE; ND_PRINT(" "); - - ND_TCHECK_2(dat); /* Flags & Length */ + /* Flags & Length */ len = GET_BE_U_2(dat) & L2TP_AVP_HDR_LEN_MASK; /* If it is not long enough to contain the header, we'll give up. */ - if (len < 6) - goto trunc; + ND_ICHECKMSG_U("AVP length", len, <, 6); /* If it goes past the end of the remaining length of the packet, we'll give up. */ - if (len > (u_int)length) - goto trunc; + if (len > length) { + ND_PRINT(" (len > %u)", length); + goto invalid; + } /* If it goes past the end of the remaining length of the captured data, we'll give up. */ @@ -728,8 +729,7 @@ l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length) return (len); - trunc: - nd_print_trunc(ndo); +invalid: return (0); } @@ -746,7 +746,6 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) ndo->ndo_protocol = "l2tp"; flag_t = flag_l = flag_s = flag_o = FALSE; - ND_TCHECK_2(ptr); /* Flags & Version */ if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) { ND_PRINT(" l2tp:"); } else if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) { @@ -782,37 +781,34 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) cnt += 2; if (flag_l) { - ND_TCHECK_2(ptr); /* Length */ l2tp_len = GET_BE_U_2(ptr); ptr += 2; cnt += 2; } else { l2tp_len = 0; } - - ND_TCHECK_2(ptr); /* Tunnel ID */ + /* Tunnel ID */ ND_PRINT("(%u/", GET_BE_U_2(ptr)); ptr += 2; cnt += 2; - ND_TCHECK_2(ptr); /* Session ID */ + /* Session ID */ ND_PRINT("%u)", GET_BE_U_2(ptr)); ptr += 2; cnt += 2; if (flag_s) { - ND_TCHECK_2(ptr); /* Ns */ ND_PRINT("Ns=%u,", GET_BE_U_2(ptr)); ptr += 2; cnt += 2; - ND_TCHECK_2(ptr); /* Nr */ ND_PRINT("Nr=%u", GET_BE_U_2(ptr)); ptr += 2; cnt += 2; } - if (flag_o) { - ND_TCHECK_2(ptr); /* Offset Size */ + if (flag_o) { /* Offset Size */ pad = GET_BE_U_2(ptr); + /* Offset padding octets in packet buffer? */ + ND_TCHECK_LEN(ptr + 2, pad); ptr += (2 + pad); cnt += (2 + pad); } @@ -820,18 +816,18 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) if (flag_l) { if (length < l2tp_len) { ND_PRINT(" Length %u larger than packet", l2tp_len); - return; + goto invalid; } length = l2tp_len; } if (length < cnt) { ND_PRINT(" Length %u smaller than header length", length); - return; + goto invalid; } if (flag_t) { if (!flag_l) { ND_PRINT(" No length"); - return; + goto invalid; } if (length - cnt == 0) { ND_PRINT(" ZLB"); @@ -844,10 +840,7 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) avp_length = l2tp_avp_print(ndo, ptr, length - cnt); if (avp_length == 0) { - /* - * Truncated. - */ - break; + goto invalid; } cnt += avp_length; ptr += avp_length; @@ -858,9 +851,7 @@ l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) ppp_print(ndo, ptr, length - cnt); ND_PRINT("}"); } - return; - - trunc: - nd_print_trunc(ndo); +invalid: + nd_print_invalid(ndo); }