X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/8c88f9f54a37bd257471d72d78fc7e211113495d..0023eaa78f123676bfa9c5fba72ea4b8a59aaa70:/print-isakmp.c diff --git a/print-isakmp.c b/print-isakmp.c index b3854d15..6a978ad0 100644 --- a/print-isakmp.c +++ b/print-isakmp.c @@ -32,16 +32,7 @@ /* specification: RFC 2407, RFC 2408, RFC 5996 */ -#ifdef HAVE_CONFIG_H #include -#endif - -/* The functions from print-esp.c used in this file are only defined when both - * OpenSSL and evp.h are detected. Employ the same preprocessor device here. - */ -#ifndef HAVE_OPENSSL_EVP_H -#undef HAVE_LIBCRYPTO -#endif #include "netdissect-stdinc.h" @@ -122,9 +113,9 @@ struct isakmp { #define ISAKMP_FLAG_extra 0x04 /* IKEv2 */ -#define ISAKMP_FLAG_I (1 << 3) /* (I)nitiator */ -#define ISAKMP_FLAG_V (1 << 4) /* (V)ersion */ -#define ISAKMP_FLAG_R (1 << 5) /* (R)esponse */ +#define ISAKMP_FLAG_I (1 << 3) /* Initiator */ +#define ISAKMP_FLAG_V (1 << 4) /* Version */ +#define ISAKMP_FLAG_R (1 << 5) /* Response */ /* 3.2 Payload Generic Header @@ -243,7 +234,7 @@ struct ikev1_pl_cr { Certificate Types (variable length) -- Contains a list of the types of certificates requested, sorted in order of preference. Each individual certificate - type is 1 octet. This field is NOT requiredo + type is 1 octet. This field is NOT required. */ /* # Certificate Authorities (1 octet) */ /* Certificate Authorities (variable length) */ @@ -741,10 +732,10 @@ static const char *etypestr[] = { ? npfunc[(x)] : NULL) static int -iszero(const u_char *p, size_t l) +iszero(netdissect_options *ndo, const u_char *p, size_t l) { while (l != 0) { - if (*p) + if (GET_U_1(p)) return 0; p++; l--; @@ -914,11 +905,9 @@ ikev1_attrmap_print(netdissect_options *ndo, u_int totlen; uint32_t t, v; - ND_TCHECK_1(p); if (GET_U_1(p) & 0x80) totlen = 4; else { - ND_TCHECK_2(p + 2); totlen = 4 + GET_BE_U_2(p + 2); } if (ep2 < p + totlen) { 
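Review bot: In the `iszero` hunk (@@ -741,10 +732,10 @@), the helper now reads each byte through `GET_U_1(p)`, so it is no longer a pure predicate over a buffer the caller has already validated, and nothing documents that. If `GET_U_1` behaves here as it does elsewhere in netdissect code, a short capture is handled inside the macro rather than through the 0/1 return, which a reader of the call site will not expect. I would add a header comment such as `/* Return 1 if the l bytes at p are all zero; bytes are fetched with GET_U_1(), so running past the captured data is treated as truncation, not read out of bounds. */`. The end of the function lies outside the hunk.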
@@ -926,7 +915,6 @@ ikev1_attrmap_print(netdissect_options *ndo, return ep2 + 1; } - ND_TCHECK_2(p); ND_PRINT("("); t = GET_BE_U_2(p) & 0x7fff; if (map && t < nmap && map[t].type) @@ -935,7 +923,6 @@ ikev1_attrmap_print(netdissect_options *ndo, ND_PRINT("type=#%u ", t); if (GET_U_1(p) & 0x80) { ND_PRINT("value="); - ND_TCHECK_2(p + 2); v = GET_BE_U_2(p + 2); if (map && t < nmap && v < map[t].nvalue && map[t].value[v]) ND_PRINT("%s", map[t].value[v]); @@ -965,11 +952,9 @@ ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep2) u_int totlen; uint32_t t; - ND_TCHECK_1(p); if (GET_U_1(p) & 0x80) totlen = 4; else { - ND_TCHECK_2(p + 2); totlen = 4 + GET_BE_U_2(p + 2); } if (ep2 < p + totlen) { @@ -977,7 +962,6 @@ ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep2) return ep2 + 1; } - ND_TCHECK_2(p); ND_PRINT("("); t = GET_BE_U_2(p) & 0x7fff; ND_PRINT("type=#%u ", t); @@ -1042,7 +1026,6 @@ ikev1_sa_print(netdissect_options *ndo, u_char tpay _U_, np = (const u_char *)ext + sizeof(struct ikev1_pl_sa); if (sit != 0x01) { - ND_TCHECK_4(ext + 1); ident = GET_BE_U_4(ext + 1); ND_PRINT(" ident=%u", ident); np += sizeof(ident); @@ -1836,14 +1819,16 @@ ikev1_d_print(netdissect_options *ndo, u_char tpay _U_, ND_PRINT(" spilen=%u", spi_size); num_spi = GET_BE_U_2(p->num_spi); ND_PRINT(" nspi=%u", num_spi); - ND_PRINT(" spi="); q = (const uint8_t *)(p + 1); - for (i = 0; i < num_spi; i++) { - if (i != 0) - ND_PRINT(","); - if (!rawprint(ndo, (const uint8_t *)q, spi_size)) - goto trunc; - q += spi_size; + if (spi_size) { + ND_PRINT(" spi="); + for (i = 0; i < num_spi; i++) { + if (i != 0) + ND_PRINT(","); + if (!rawprint(ndo, (const uint8_t *)q, spi_size)) + goto trunc; + q += spi_size; + } } return q; trunc: 
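Review bot: In the `ikev1_d_print` hunk (@@ -1836,14 +1819,16 @@), the SPI loop is still bounded only by the packet-supplied `num_spi` and `spi_size`; nothing visible here compares `num_spi * spi_size` with the length of the Delete payload itself. The new `if (spi_size)` guard stops the zero-length case from printing `num_spi` empty fields, but with a non-zero `spi_size` the walk over `q` can still run past the end of this payload into whatever follows, stopping only when `rawprint` fails, and the returned `q` then points beyond the payload. Consider checking the product against the payload's remaining length before the loop and going to `trunc` (or printing an invalid-length marker) when it does not fit. A short comment on the guard would also help, e.g. `/* spi_size == 0: there are no SPI bytes to print, skip the list */`. The function starts and ends outside the hunk, so an earlier length check may already exist there.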
@@ -2317,7 +2302,7 @@ ikev2_auth_print(netdissect_options *ndo, u_char tpay, const struct ikev2_auth *p; const char *v2_auth[]={ "invalid", "rsasig", "shared-secret", "dsssig" }; - const u_char *authdata = (const u_char*)ext + sizeof(struct ikev2_auth); + const u_char *authdata = (const u_char *)ext + sizeof(struct ikev2_auth); ND_TCHECK_LEN(ext, sizeof(struct ikev2_auth)); p = (const struct ikev2_auth *)ext; @@ -2849,7 +2834,7 @@ ikev1_print(netdissect_options *ndo, i = cookie_find(&base->i_ck); if (i < 0) { - if (iszero((const u_char *)&base->r_ck, sizeof(base->r_ck))) { + if (iszero(ndo, base->r_ck, sizeof(base->r_ck))) { /* the first packet */ ND_PRINT(" I"); if (bp2) @@ -3111,7 +3096,6 @@ isakmp_rfc3948_print(netdissect_options *ndo, const u_char *bp2, int ver, int fragmented, u_int ttl_hl) { ndo->ndo_protocol = "isakmp_rfc3948"; - ND_TCHECK_1(bp); if(length == 1 && GET_U_1(bp)==0xff) { ND_PRINT("isakmp-nat-keep-alive"); return; @@ -3120,7 +3104,6 @@ isakmp_rfc3948_print(netdissect_options *ndo, if(length < 4) { goto trunc; } - ND_TCHECK_1(bp + 3); /* * see if this is an IKE packet @@ -3148,5 +3131,4 @@ isakmp_rfc3948_print(netdissect_options *ndo, trunc: nd_print_trunc(ndo); - return; }
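Review bot: In the `ikev1_print` hunk (@@ -2849,7 +2834,7 @@), the responder cookie is now tested through the bounds-checked `iszero(ndo, ...)`, but the initiator cookie on the line above still goes to `cookie_find(&base->i_ck)` as a raw pointer into the packet with no `ndo`. `cookie_find` is defined outside this diff, so whether it reads those bytes directly cannot be seen here; if it does, it depends on an earlier length check of the ISAKMP header. If that check exists, a comment at the call such as `/* i_ck is within the header already length-checked by the caller */` would record the assumption; otherwise passing `ndo` through for a checked compare would make the two cookie accesses consistent.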