X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/7e54d6cb05d30e324b3e5a467fa4a37472f701e0..1ee09c1510704191a14df4eb914dba3d5dc9ab58:/print-isoclns.c diff --git a/print-isoclns.c b/print-isoclns.c index c3eb4419..90299860 100644 --- a/print-isoclns.c +++ b/print-isoclns.c @@ -21,12 +21,12 @@ * Original code by Matt Thomas, Digital Equipment Corporation * * Extensively modified by Hannes Gredler (hannes@juniper.net) for more - * complete IS-IS support. + * complete IS-IS & CLNP support. */ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.123 2004-10-18 12:34:36 hannes Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-isoclns.c,v 1.138 2005-04-26 07:14:07 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -57,14 +57,15 @@ static const char rcsid[] _U_ = #define SYSTEM_ID_LEN ETHER_ADDR_LEN #define NODE_ID_LEN SYSTEM_ID_LEN+1 #define LSP_ID_LEN SYSTEM_ID_LEN+2 -#define NSAP_MAX_LENGTH 20 #define ISIS_VERSION 1 #define ESIS_VERSION 1 +#define CLNP_VERSION 1 #define ISIS_PDU_TYPE_MASK 0x1F #define ESIS_PDU_TYPE_MASK 0x1F #define CLNP_PDU_TYPE_MASK 0x1F +#define CLNP_FLAG_MASK 0xE0 #define ISIS_LAN_PRIORITY_MASK 0x7F #define ISIS_PDU_L1_LAN_IIH 15 @@ -198,6 +199,94 @@ static struct tok esis_option_values[] = { { 0, NULL } }; +#define CLNP_OPTION_DISCARD_REASON 193 +#define CLNP_OPTION_QOS_MAINTENANCE 195 /* iso8473 */ +#define CLNP_OPTION_PRIORITY 205 /* iso8473 */ + +static struct tok clnp_option_values[] = { + { CLNP_OPTION_DISCARD_REASON, "Discard Reason"}, + { CLNP_OPTION_PRIORITY, "Priority"}, + { CLNP_OPTION_QOS_MAINTENANCE, "QoS Maintenance"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_class_values[] = { + { 0x0, "General"}, + { 0x8, "Address"}, + { 0x9, "Source Routeing"}, + { 0xa, "Lifetime"}, + { 0xb, "PDU Discarded"}, + { 0xc, "Reassembly"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_general_values[] = { + { 0x0, "Reason not specified"}, + { 0x1, "Protocol procedure error"}, + { 0x2, "Incorrect checksum"}, + { 0x3, "PDU discarded due to congestion"}, + { 0x4, "Header syntax error (cannot be parsed)"}, + { 0x5, "Segmentation needed but not permitted"}, + { 0x6, "Incomplete PDU received"}, + { 0x7, "Duplicate option"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_address_values[] = { + { 0x0, "Destination address unreachable"}, + { 0x1, "Destination address unknown"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_source_routeing_values[] = { + { 0x0, "Unspecified source routeing error"}, + { 0x1, "Syntax error in source routeing field"}, + { 0x2, "Unknown address in source routeing field"}, + { 0x3, "Path not acceptable"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_lifetime_values[] = { + { 0x0, "Lifetime expired while data unit in transit"}, + { 0x1, "Lifetime expired during reassembly"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_pdu_discard_values[] = { + { 0x0, "Unsupported option not specified"}, + { 0x1, "Unsupported protocol version"}, + { 0x2, "Unsupported security option"}, + { 0x3, "Unsupported source routeing option"}, + { 0x4, "Unsupported recording of route option"}, + { 0, NULL } +}; + +static struct tok clnp_option_rfd_reassembly_values[] = { + { 0x0, "Reassembly interference"}, + { 0, NULL } +}; + +/* array of 16 error-classes */ +static struct tok *clnp_option_rfd_error_class[] = { + clnp_option_rfd_general_values, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + clnp_option_rfd_address_values, + clnp_option_rfd_source_routeing_values, + clnp_option_rfd_lifetime_values, + clnp_option_rfd_pdu_discard_values, + clnp_option_rfd_reassembly_values, + NULL, + NULL, + NULL +}; + + #define ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP 3 /* draft-ietf-isis-traffic-05 */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID 4 /* draft-ietf-isis-gmpls-extensions */ #define ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID 5 /* draft-ietf-isis-traffic-05 */ @@ -267,6 +356,17 @@ static struct tok isis_subtlv_idrp_values[] = { { 0, NULL} }; +#define CLNP_SEGMENT_PART 0x80 +#define CLNP_MORE_SEGMENTS 0x40 +#define CLNP_REQUEST_ER 0x20 + +static struct tok clnp_flag_values[] = { + { CLNP_SEGMENT_PART, "Segmentation permitted"}, + { CLNP_MORE_SEGMENTS, "more Segments"}, + { CLNP_REQUEST_ER, "request Error Report"}, + { 0, NULL} +}; + #define ISIS_MASK_LSP_OL_BIT(x) ((x)&0x4) #define ISIS_MASK_LSP_ISTYPE_BITS(x) ((x)&0x3) #define ISIS_MASK_LSP_PARTITION_BIT(x) ((x)&0x80) @@ -446,35 +546,6 @@ struct isis_tlv_lsp { u_int8_t checksum[2]; }; -static char * -print_nsap(register const u_int8_t *pptr, register int nsap_length) -{ - int nsap_idx; - static char nsap_ascii_output[sizeof("xx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xx")]; - char *junk_buf = nsap_ascii_output; - - if (nsap_length < 1 || nsap_length > NSAP_MAX_LENGTH) { - snprintf(nsap_ascii_output, sizeof(nsap_ascii_output), - "illegal length"); - return (nsap_ascii_output); - } - - for (nsap_idx = 0; nsap_idx < nsap_length; nsap_idx++) { - if (!TTEST2(*pptr, 1)) - return (0); - snprintf(junk_buf, - sizeof(nsap_ascii_output) - (junk_buf - nsap_ascii_output), - "%02x", *pptr++); - junk_buf += strlen(junk_buf); - if (((nsap_idx & 1) == 0) && - (nsap_idx + 1 < nsap_length)) { - *junk_buf++ = '.'; - } - } - *(junk_buf) = '\0'; - return (nsap_ascii_output); -} - #define ISIS_COMMON_HEADER_SIZE (sizeof(struct isis_common_header)) #define ISIS_IIH_LAN_HEADER_SIZE (sizeof(struct isis_iih_lan_header)) #define ISIS_IIH_PTP_HEADER_SIZE (sizeof(struct isis_iih_ptp_header)) @@ -494,8 +565,8 @@ void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) } if (eflag) - printf("nlpid %s (0x%02x), ", - tok2str(nlpid_values,"Unknown NLPID (0x%02x)",*p), + printf("OSI NLPID %s (0x%02x): ", + tok2str(nlpid_values,"Unknown",*p), *p); switch (*p) { @@ -515,11 +586,17 @@ void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) break; case NLPID_NULLNS: - (void)printf(", length: %u", length); + (void)printf("%slength: %u", + eflag ? "" : ", ", + length); break; + case NLPID_Q933: + q933_print(p+1, length-1); + break; + case NLPID_IP: - ip_print(p+1, length-1); + ip_print(gndo, p+1, length-1); break; #ifdef INET6 @@ -528,8 +605,16 @@ void isoclns_print(const u_int8_t *p, u_int length, u_int caplen) break; #endif + case NLPID_PPP: + ppp_print(p+1, length-1); + break; + default: - (void)printf(", length: %u", length); + if (!eflag) + printf("OSI NLPID 0x%02x unknown",*p); + (void)printf("%slength: %u", + eflag ? "" : ", ", + length); if (caplen > 1) print_unknown_data(p,"\n\t",caplen); break; @@ -561,6 +646,12 @@ struct clnp_header_t { u_int8_t cksum[2]; }; +struct clnp_segment_header_t { + u_int8_t data_unit_id[2]; + u_int8_t segment_offset[2]; + u_int8_t total_length[2]; +}; + /* * clnp_print * Decode CLNP packets. Return 0 on error. @@ -569,83 +660,177 @@ struct clnp_header_t { static int clnp_print (const u_int8_t *pptr, u_int length) { const u_int8_t *optr,*source_address,*dest_address; - u_int li,source_address_length,dest_address_length, clnp_pdu_type; + u_int li,source_address_length,dest_address_length, clnp_pdu_type, clnp_flags; const struct clnp_header_t *clnp_header; + const struct clnp_segment_header_t *clnp_segment_header; + u_int8_t rfd_error_major,rfd_error_minor; clnp_header = (const struct clnp_header_t *) pptr; + TCHECK(*clnp_header); + li = clnp_header->length_indicator; optr = pptr; if (!eflag) - printf("CLNP, "); + printf("CLNP"); /* * Sanity checking of the header. */ - /* FIXME */ + if (clnp_header->version != CLNP_VERSION) { + printf("version %d packet not supported", clnp_header->version); + return (0); + } + + /* FIXME further header sanity checking */ clnp_pdu_type = clnp_header->type & CLNP_PDU_TYPE_MASK; + clnp_flags = clnp_header->type & CLNP_FLAG_MASK; pptr += sizeof(struct clnp_header_t); + li -= sizeof(struct clnp_header_t); dest_address_length = *pptr; dest_address = pptr + 1; pptr += (1 + dest_address_length); + li -= (1 + dest_address_length); source_address_length = *pptr; source_address = pptr +1; pptr += (1 + source_address_length); + li -= (1 + source_address_length); if (vflag < 1) { - printf("%s > %s, length %u", - print_nsap(source_address, source_address_length), - print_nsap(dest_address, dest_address_length), + printf("%s%s > %s, %s, length %u", + eflag ? "" : ", ", + isonsap_string(source_address, source_address_length), + isonsap_string(dest_address, dest_address_length), + tok2str(clnp_pdu_values,"unknown (%u)",clnp_pdu_type), length); return (1); } - printf("length %u", length); - - printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, PDU length: %u, checksum: 0x%04x ", - tok2str(clnp_pdu_values, - "unknown (%u)", - clnp_pdu_type), - clnp_header->length_indicator, - clnp_header->version, - clnp_header->lifetime/2, - (clnp_header->lifetime%2)*5, - EXTRACT_16BITS(clnp_header->segment_length), - EXTRACT_16BITS(clnp_header->cksum)); + printf("%slength %u",eflag ? "" : ", ",length); + + printf("\n\t%s PDU, hlen: %u, v: %u, lifetime: %u.%us, Segment PDU length: %u, checksum: 0x%04x ", + tok2str(clnp_pdu_values, "unknown (%u)",clnp_pdu_type), + clnp_header->length_indicator, + clnp_header->version, + clnp_header->lifetime/2, + (clnp_header->lifetime%2)*5, + EXTRACT_16BITS(clnp_header->segment_length), + EXTRACT_16BITS(clnp_header->cksum)); /* do not attempt to verify the checksum if it is zero */ if (EXTRACT_16BITS(clnp_header->cksum) == 0) printf("(unverified)"); - else printf("(%s)", osi_cksum(optr, li) ? "incorrect" : "correct"); + else printf("(%s)", osi_cksum(optr, clnp_header->length_indicator) ? "incorrect" : "correct"); + + printf("\n\tFlags [%s]", + bittok2str(clnp_flag_values,"none",clnp_flags)); printf("\n\tsource address (length %u): %s\n\tdest address (length %u): %s", source_address_length, - print_nsap(source_address, source_address_length), + isonsap_string(source_address, source_address_length), dest_address_length, - print_nsap(dest_address, dest_address_length)); + isonsap_string(dest_address,dest_address_length)); + + if (clnp_flags & CLNP_SEGMENT_PART) { + clnp_segment_header = (const struct clnp_segment_header_t *) pptr; + printf("\n\tData Unit ID: 0x%04x, Segment Offset: %u, Total PDU Length: %u", + EXTRACT_16BITS(clnp_segment_header->data_unit_id), + EXTRACT_16BITS(clnp_segment_header->segment_offset), + EXTRACT_16BITS(clnp_segment_header->total_length)); + pptr+=sizeof(const struct clnp_segment_header_t); + li-=sizeof(const struct clnp_segment_header_t); + } - /* dump the remaining header data */ - print_unknown_data(pptr,"\n\t",clnp_header->length_indicator-(pptr-optr)); + /* now walk the options */ + while (li >= 2) { + u_int op, opli; + const u_int8_t *tptr; + + TCHECK2(*pptr, 2); + if (li < 2) { + printf(", bad opts/li"); + return (0); + } + op = *pptr++; + opli = *pptr++; + li -= 2; + TCHECK2(*pptr, opli); + if (opli > li) { + printf(", opt (%d) too long", op); + return (0); + } + li -= opli; + tptr = pptr; + + printf("\n\t %s Option #%u, length %u, value: ", + tok2str(clnp_option_values,"Unknown",op), + op, + opli); + + switch (op) { + + case CLNP_OPTION_PRIORITY: + printf("%u", *tptr); + break; + + case CLNP_OPTION_DISCARD_REASON: + rfd_error_major = (*tptr&0xf0) >> 4; + rfd_error_minor = *tptr&0x0f; + printf("\n\t Class: %s Error (0x%01x), %s (0x%01x)", + tok2str(clnp_option_rfd_class_values,"Unknown",rfd_error_major), + rfd_error_major, + tok2str(clnp_option_rfd_error_class[rfd_error_major],"Unknown",rfd_error_minor), + rfd_error_minor); + break; + + /* + * FIXME those are the defined Options that lack a decoder + * you are welcome to contribute code ;-) + */ + + default: + print_unknown_data(tptr,"\n\t ",opli); + break; + } + if (vflag > 1) + print_unknown_data(pptr,"\n\t ",opli); + pptr += opli; + } switch (clnp_pdu_type) { - case CLNP_PDU_ER: + case CLNP_PDU_ER: /* fall through */ + case CLNP_PDU_ERP: + TCHECK(*pptr); + if (*(pptr) == NLPID_CLNP) { + printf("\n\t-----original packet-----\n\t"); + /* FIXME recursion protection */ + clnp_print(pptr, length-clnp_header->length_indicator); + break; + } + case CLNP_PDU_DT: case CLNP_PDU_MD: case CLNP_PDU_ERQ: - case CLNP_PDU_ERP: - + default: /* dump the PDU specific data */ - print_unknown_data(optr+clnp_header->length_indicator,"\n\t ",length-clnp_header->length_indicator); - + if (length-(pptr-optr) > 0) { + printf("\n\t undecoded non-header data, length %u",length-clnp_header->length_indicator); + print_unknown_data(pptr,"\n\t ",length-(pptr-optr)); + } } return (1); + + trunc: + fputs("[|clnp]", stdout); + return (1); + } @@ -678,7 +863,7 @@ esis_print(const u_int8_t *pptr, u_int length) const struct esis_header_t *esis_header; if (!eflag) - printf("ES-IS, "); + printf("ES-IS"); if (length <= 2) { if (qflag) @@ -689,6 +874,7 @@ esis_print(const u_int8_t *pptr, u_int length) } esis_header = (const struct esis_header_t *) pptr; + TCHECK(*esis_header); li = esis_header->length_indicator; optr = pptr; @@ -697,22 +883,22 @@ esis_print(const u_int8_t *pptr, u_int length) */ if (esis_header->nlpid != NLPID_ESIS) { - printf("nlpid 0x%02x packet not supported", esis_header->nlpid); + printf(" nlpid 0x%02x packet not supported", esis_header->nlpid); return; } if (esis_header->version != ESIS_VERSION) { - printf("version %d packet not supported", esis_header->version); + printf(" version %d packet not supported", esis_header->version); return; } if (li > length) { - printf("length indicator(%d) > PDU size (%d)!", li, length); + printf(" length indicator(%d) > PDU size (%d)!", li, length); return; } if (li < sizeof(struct esis_header_t) + 2) { - printf("length indicator < min PDU size %d:", li); + printf(" length indicator < min PDU size %d:", li); while (--length != 0) printf("%02X", *pptr++); return; @@ -721,12 +907,14 @@ esis_print(const u_int8_t *pptr, u_int length) esis_pdu_type = esis_header->type & ESIS_PDU_TYPE_MASK; if (vflag < 1) { - printf("%s, length %u", + printf("%s%s, length %u", + eflag ? "" : ", ", tok2str(esis_pdu_values,"unknown type (%u)",esis_pdu_type), length); return; } else - printf("length %u\n\t%s (%u)", + printf("%slength %u\n\t%s (%u)", + eflag ? "" : ", ", length, tok2str(esis_pdu_values,"unknown type: %u", esis_pdu_type), esis_pdu_type); @@ -736,7 +924,8 @@ esis_print(const u_int8_t *pptr, u_int length) /* do not attempt to verify the checksum if it is zero */ if (EXTRACT_16BITS(esis_header->cksum) == 0) printf("(unverified)"); - else printf("(%s)", osi_cksum(pptr, li) ? "incorrect" : "correct"); + else + printf("(%s)", osi_cksum(pptr, li) ? "incorrect" : "correct"); printf(", holding time: %us, length indicator: %u",EXTRACT_16BITS(esis_header->holdtime),li); @@ -748,25 +937,72 @@ esis_print(const u_int8_t *pptr, u_int length) switch (esis_pdu_type) { case ESIS_PDU_REDIRECT: { - const u_int8_t *dst, *snpa, *tptr; + const u_int8_t *dst, *snpa, *neta; + u_int dstl, snpal, netal; - dst = pptr; pptr += *pptr + 1; - if (pptr > snapend) + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); + return; + } + dstl = *pptr; + pptr++; + li--; + TCHECK2(*pptr, dstl); + if (li < dstl) { + printf(", bad redirect/li"); + return; + } + dst = pptr; + pptr += dstl; + li -= dstl; + printf("\n\t %s", isonsap_string(dst,dstl)); + + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); + return; + } + snpal = *pptr; + pptr++; + li--; + TCHECK2(*pptr, snpal); + if (li < snpal) { + printf(", bad redirect/li"); + return; + } + snpa = pptr; + pptr += snpal; + li -= snpal; + TCHECK(*pptr); + if (li < 1) { + printf(", bad redirect/li"); return; - printf("\n\t %s", isonsap_string(dst)); - snpa = pptr; pptr += *pptr + 1; - tptr = pptr; pptr += *pptr + 1; - if (pptr > snapend) + } + netal = *pptr; + pptr++; + TCHECK2(*pptr, netal); + if (li < netal) { + printf(", bad redirect/li"); return; + } + neta = pptr; + pptr += netal; + li -= netal; - if (tptr[0] == 0) - printf("\n\t %s", etheraddr_string(&snpa[1])); + if (netal == 0) + printf("\n\t %s", etheraddr_string(snpa)); else - printf("\n\t %s", isonsap_string(tptr)); + printf("\n\t %s", isonsap_string(neta,netal)); break; } case ESIS_PDU_ESH: + TCHECK(*pptr); + if (li < 1) { + printf(", bad esh/li"); + return; + } source_address_number = *pptr; pptr++; li--; @@ -774,23 +1010,47 @@ esis_print(const u_int8_t *pptr, u_int length) printf("\n\t Number of Source Addresses: %u", source_address_number); while (source_address_number > 0) { + TCHECK(*pptr); + if (li < 1) { + printf(", bad esh/li"); + return; + } source_address_length = *pptr; + pptr++; + li--; + + TCHECK2(*pptr, source_address_length); + if (li < source_address_length) { + printf(", bad esh/li"); + return; + } printf("\n\t NET (length: %u): %s", source_address_length, - print_nsap(pptr+1, source_address_length)); - - pptr += source_address_length+1; - li -= source_address_length+1; + isonsap_string(pptr,source_address_length)); + pptr += source_address_length; + li -= source_address_length; source_address_number--; } break; case ESIS_PDU_ISH: { + TCHECK(*pptr); + if (li < 1) { + printf(", bad ish/li"); + return; + } source_address_length = *pptr; - printf("\n\t NET (length: %u): %s", source_address_length, print_nsap(pptr+1, source_address_length)); - pptr += source_address_length+1; - li -= source_address_length +1; + pptr++; + li--; + TCHECK2(*pptr, source_address_length); + if (li < source_address_length) { + printf(", bad ish/li"); + return; + } + printf("\n\t NET (length: %u): %s", source_address_length, isonsap_string(pptr, source_address_length)); + pptr += source_address_length; + li -= source_address_length; break; } @@ -807,8 +1067,7 @@ esis_print(const u_int8_t *pptr, u_int length) u_int op, opli; const u_int8_t *tptr; - if (snapend - pptr < 2) - return; + TCHECK2(*pptr, 2); if (li < 2) { printf(", bad opts/li"); return; @@ -823,9 +1082,6 @@ esis_print(const u_int8_t *pptr, u_int length) li -= opli; tptr = pptr; - if (snapend < pptr) - return; - printf("\n\t %s Option #%u, length %u, value: ", tok2str(esis_option_values,"Unknown",op), op, @@ -834,12 +1090,13 @@ esis_print(const u_int8_t *pptr, u_int length) switch (op) { case ESIS_OPTION_ES_CONF_TIME: + TCHECK2(*pptr, 2); printf("%us", EXTRACT_16BITS(tptr)); break; - case ESIS_OPTION_PROTOCOLS: while (opli>0) { + TCHECK(*pptr); printf("%s (0x%02x)", tok2str(nlpid_values, "unknown", @@ -871,6 +1128,8 @@ esis_print(const u_int8_t *pptr, u_int length) print_unknown_data(pptr,"\n\t ",opli); pptr += opli; } +trunc: + return; } /* shared routine for printing system, node and lsp-ids */ @@ -1373,7 +1632,7 @@ static int isis_print (const u_int8_t *p, u_int length) header_psnp = (const struct isis_psnp_header *)pptr; if (!eflag) - printf("IS-IS, "); + printf("IS-IS"); /* * Sanity checking of the header. @@ -1438,7 +1697,9 @@ static int isis_print (const u_int8_t *p, u_int length) /* in non-verbose mode print the basic PDU Type plus PDU specific brief information*/ if (vflag < 1) { - printf("%s", tok2str(isis_pdu_values,"unknown PDU-Type %u",pdu_type)); + printf("%s%s", + eflag ? "" : ", ", + tok2str(isis_pdu_values,"unknown PDU-Type %u",pdu_type)); switch (pdu_type) { @@ -1476,7 +1737,7 @@ static int isis_print (const u_int8_t *p, u_int length) } /* ok they seem to want to know everything - lets fully decode it */ - printf(", length: %u",length); + printf("%slength %u", eflag ? "" : ", ",length); printf("\n\t%s, hlen: %u, v: %u, pdu-v: %u, sys-id-len: %u (%u), max-area: %u (%u)", tok2str(isis_pdu_values, @@ -1718,6 +1979,9 @@ static int isis_print (const u_int8_t *p, u_int length) tlv_type, tlv_len); + if (tlv_len == 0) /* something is malformed */ + break; + /* now check if we have a decoder otherwise do a hexdump at the end*/ switch (tlv_type) { case ISIS_TLV_AREA_ADDR: @@ -1727,7 +1991,7 @@ static int isis_print (const u_int8_t *p, u_int length) while (tmp && alen < tmp) { printf("\n\t Area address (length: %u): %s", alen, - print_nsap(tptr, alen)); + isonsap_string(tptr,alen)); tptr += alen; tmp -= alen + 1; if (tmp==0) /* if this is the last area address do not attemt a boundary check */ @@ -1748,9 +2012,13 @@ static int isis_print (const u_int8_t *p, u_int length) break; case ISIS_TLV_ISNEIGH_VARLEN: - if (!TTEST2(*tptr, 1)) + if (!TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */ goto trunctlv; - lan_alen = *tptr++; /* LAN adress length */ + lan_alen = *tptr++; /* LAN address length */ + if (lan_alen == 0) { + printf("\n\t LAN address length 0 bytes (invalid)"); + break; + } tmp --; printf("\n\t LAN address length %u bytes ",lan_alen); while (tmp >= lan_alen) { @@ -2161,11 +2429,15 @@ static int isis_print (const u_int8_t *p, u_int length) if (!TTEST2(*tptr, 1)) goto trunctlv; prefix_len=*tptr++; /* read out prefix length in semioctets*/ + if (prefix_len < 2) { + printf("\n\t\tAddress: prefix length %u < 2", prefix_len); + break; + } tmp--; if (!TTEST2(*tptr, prefix_len/2)) goto trunctlv; printf("\n\t\tAddress: %s/%u", - print_nsap(tptr,prefix_len/2), + isonsap_string(tptr,prefix_len/2), prefix_len*4); tptr+=prefix_len/2; tmp-=prefix_len/2; @@ -2250,3 +2522,11 @@ osi_cksum(const u_int8_t *tptr, u_int len) } return (c0 | c1); } + + +/* + * Local Variables: + * c-style: whitesmith + * c-basic-offset: 8 + * End: + */