X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/99c91c3aec40b691641374f58e798bd8d6b657bd..61c422a88caefe986c2bc0a7f2f3028f696fa5cd:/print-pim.c diff --git a/print-pim.c b/print-pim.c index f023207d..3c41d9f9 100644 --- a/print-pim.c +++ b/print-pim.c @@ -19,6 +19,8 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* \summary: Protocol Independent Multicast (PIM) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -31,6 +33,7 @@ #include "ip.h" #include "ip6.h" +#include "ipproto.h" #define PIMV1_TYPE_QUERY 0 #define PIMV1_TYPE_REGISTER 1 
@@ -144,43 +147,51 @@ pimv1_join_prune_print(netdissect_options *ndo, int njp; /* If it's a single group and a single source, use 1-line output. */ - if (ND_TTEST2(bp[0], 30) && bp[11] == 1 && - ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) { + if (ND_TTEST2(bp[0], 30) && EXTRACT_U_1(bp + 11) == 1 && + ((njoin = EXTRACT_BE_U_2(bp + 20)) + EXTRACT_BE_U_2(bp + 22)) == 1) { int hold; ND_PRINT((ndo, " RPF %s ", ipaddr_string(ndo, bp))); - hold = EXTRACT_16BITS(&bp[6]); + hold = EXTRACT_BE_U_2(bp + 6); if (hold != 180) { ND_PRINT((ndo, "Hold ")); - relts_print(ndo, hold); + unsigned_relts_print(ndo, hold); } ND_PRINT((ndo, "%s (%s/%d, %s", njoin ? "Join" : "Prune", - ipaddr_string(ndo, &bp[26]), bp[25] & 0x3f, - ipaddr_string(ndo, &bp[12]))); - if (EXTRACT_32BITS(&bp[16]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[16]))); + ipaddr_string(ndo, bp + 26), EXTRACT_U_1(bp + 25) & 0x3f, + ipaddr_string(ndo, bp + 12))); + if (EXTRACT_BE_U_4(bp + 16) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, bp + 16))); ND_PRINT((ndo, ") %s%s %s", - (bp[24] & 0x01) ? "Sparse" : "Dense", - (bp[25] & 0x80) ? " WC" : "", - (bp[25] & 0x40) ? "RP" : "SPT")); + (EXTRACT_U_1(bp + 24) & 0x01) ? "Sparse" : "Dense", + (EXTRACT_U_1(bp + 25) & 0x80) ? " WC" : "", + (EXTRACT_U_1(bp + 25) & 0x40) ? 
"RP" : "SPT")); return; } + if (len < sizeof(struct in_addr)) + goto trunc; ND_TCHECK2(bp[0], sizeof(struct in_addr)); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n")); ND_PRINT((ndo, " Upstream Nbr: %s", ipaddr_string(ndo, bp))); - ND_TCHECK2(bp[6], 2); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; + ND_TCHECK_2(bp + 2); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, "\n")); ND_PRINT((ndo, " Hold time: ")); - relts_print(ndo, EXTRACT_16BITS(&bp[6])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); if (ndo->ndo_vflag < 2) return; - bp += 8; - len -= 8; + bp += 4; + len -= 4; - ND_TCHECK2(bp[0], 4); + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); ngroups = bp[3]; bp += 4; len -= 4; @@ -189,17 +200,27 @@ pimv1_join_prune_print(netdissect_options *ndo, * XXX - does the address have length "addrlen" and the * mask length "maddrlen"? */ + if (len < 4) + goto trunc; ND_TCHECK2(bp[0], sizeof(struct in_addr)); ND_PRINT((ndo, "\n\tGroup: %s", ipaddr_string(ndo, bp))); - ND_TCHECK2(bp[4], sizeof(struct in_addr)); - if (EXTRACT_32BITS(&bp[4]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[4]))); - ND_TCHECK2(bp[8], 4); - njoin = EXTRACT_16BITS(&bp[8]); - nprune = EXTRACT_16BITS(&bp[10]); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; + ND_TCHECK2(bp[0], sizeof(struct in_addr)); + if (EXTRACT_BE_U_4(bp) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, bp))); + bp += 4; + len -= 4; + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); + njoin = EXTRACT_BE_U_2(bp); + nprune = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, " joined: %d pruned: %d", njoin, nprune)); - bp += 12; - len -= 12; + bp += 4; + len -= 4; for (njp = 0; njp < (njoin + nprune); njp++) { const char *type; 
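Review bot: The one-line fast path at the top of the first hunk (@@ -144) is still gated only by `ND_TTEST2(bp[0], 30)`, so it never consults `len`, while every other read this hunk touches now has a `len` comparison in front of it. Assuming `len` is the remaining PIM payload length, as the added checks suggest, a message shorter than 30 bytes that is followed by other captured bytes would have those bytes decoded as RPF, group and source fields. Adding the length to the condition keeps the two paths consistent: `if (len >= 30 && ND_TTEST2(bp[0], 30) && EXTRACT_U_1(bp + 11) == 1 &&`. The body of pimv1_join_prune_print starts and ends outside the hunk.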
@@ -207,12 +228,15 @@ pimv1_join_prune_print(netdissect_options *ndo, type = "Join "; else type = "Prune"; - ND_TCHECK2(bp[0], 6); + if (len < 6) + goto trunc; + ND_TCHECK_6(bp); ND_PRINT((ndo, "\n\t%s %s%s%s%s/%d", type, - (bp[0] & 0x01) ? "Sparse " : "Dense ", - (bp[1] & 0x80) ? "WC " : "", - (bp[1] & 0x40) ? "RP " : "SPT ", - ipaddr_string(ndo, &bp[2]), bp[1] & 0x3f)); + (EXTRACT_U_1(bp) & 0x01) ? "Sparse " : "Dense ", + (EXTRACT_U_1(bp + 1) & 0x80) ? "WC " : "", + (EXTRACT_U_1(bp + 1) & 0x40) ? "RP " : "SPT ", + ipaddr_string(ndo, bp + 2), + EXTRACT_U_1(bp + 1) & 0x3f)); bp += 6; len -= 6; } @@ -227,13 +251,8 @@ void pimv1_print(netdissect_options *ndo, register const u_char *bp, register u_int len) { - register const u_char *ep; register u_char type; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; - ND_TCHECK(bp[1]); type = bp[1]; 
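Review bot: In the pimv1_print hunk (@@ -227) the type byte is still read behind `ND_TCHECK(bp[1])` alone, and `len` is never compared with the offsets this function uses. The following hunk (@@ -252) has the same gap: only the join/prune case gains `if (len < 8)`, while the REGISTER, REGISTER_STOP, RP_REACHABILITY and ASSERT cases read up to `bp + 27` guarded by capture length only. These reads stay inside the captured buffer, but a short PIMv1 message with trailing captured data would be printed from bytes that are not part of it. A guard such as `if (len < 2) goto trunc;` before `type = bp[1];`, plus a per-case minimum length, would match what the commit does for the other printers. The function body continues outside both hunks.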
@@ -252,59 +271,63 @@ pimv1_print(netdissect_options *ndo, ND_PRINT((ndo, " Sparse-Dense-mode")); break; default: - ND_PRINT((ndo, " mode-%d", bp[8] >> 4)); + ND_PRINT((ndo, " mode-%d", EXTRACT_U_1(bp + 8) >> 4)); break; } } if (ndo->ndo_vflag) { - ND_TCHECK2(bp[10],2); + ND_TCHECK_2(bp + 10); ND_PRINT((ndo, " (Hold-time ")); - relts_print(ndo, EXTRACT_16BITS(&bp[10])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 10)); ND_PRINT((ndo, ")")); } break; case PIMV1_TYPE_REGISTER: ND_TCHECK2(bp[8], 20); /* ip header */ - ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[20]), - ipaddr_string(ndo, &bp[24]))); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, bp + 20), + ipaddr_string(ndo, bp + 24))); break; case PIMV1_TYPE_REGISTER_STOP: ND_TCHECK2(bp[12], sizeof(struct in_addr)); - ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[8]), - ipaddr_string(ndo, &bp[12]))); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, bp + 8), + ipaddr_string(ndo, bp + 12))); break; case PIMV1_TYPE_RP_REACHABILITY: if (ndo->ndo_vflag) { - ND_TCHECK2(bp[22], 2); - ND_PRINT((ndo, " group %s", ipaddr_string(ndo, &bp[8]))); - if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12]))); - ND_PRINT((ndo, " RP %s hold ", ipaddr_string(ndo, &bp[16]))); - relts_print(ndo, EXTRACT_16BITS(&bp[22])); + ND_TCHECK_2(bp + 22); + ND_PRINT((ndo, " group %s", ipaddr_string(ndo, bp + 8))); + if (EXTRACT_BE_U_4(bp + 12) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, bp + 12))); + ND_PRINT((ndo, " RP %s hold ", ipaddr_string(ndo, bp + 16))); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 22)); } break; case PIMV1_TYPE_ASSERT: ND_TCHECK2(bp[16], sizeof(struct in_addr)); - ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, &bp[16]), - ipaddr_string(ndo, &bp[8]))); - if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) - ND_PRINT((ndo, "/%s", ipaddr_string(ndo, &bp[12]))); - ND_TCHECK2(bp[24], 4); + ND_PRINT((ndo, " for %s > %s", ipaddr_string(ndo, bp + 16), 
+ ipaddr_string(ndo, bp + 8))); + if (EXTRACT_BE_U_4(bp + 12) != 0xffffffff) + ND_PRINT((ndo, "/%s", ipaddr_string(ndo, bp + 12))); + ND_TCHECK_4(bp + 24); ND_PRINT((ndo, " %s pref %d metric %d", - (bp[20] & 0x80) ? "RP-tree" : "SPT", - EXTRACT_32BITS(&bp[20]) & 0x7fffffff, - EXTRACT_32BITS(&bp[24]))); + (EXTRACT_U_1(bp + 20) & 0x80) ? "RP-tree" : "SPT", + EXTRACT_BE_U_4(bp + 20) & 0x7fffffff, + EXTRACT_BE_U_4(bp + 24))); break; case PIMV1_TYPE_JOIN_PRUNE: case PIMV1_TYPE_GRAFT: case PIMV1_TYPE_GRAFT_ACK: - if (ndo->ndo_vflag) - pimv1_join_prune_print(ndo, &bp[8], len - 8); + if (ndo->ndo_vflag) { + if (len < 8) + goto trunc; + pimv1_join_prune_print(ndo, bp + 8, len - 8); + } break; } - if ((bp[4] >> 4) != 1) - ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); + ND_TCHECK(bp[4]); + if ((EXTRACT_U_1(bp + 4) >> 4) != 1) + ND_PRINT((ndo, " [v%d]", EXTRACT_U_1(bp + 4) >> 4)); return; trunc: @@ -326,6 +349,8 @@ cisco_autorp_print(netdissect_options *ndo, int numrps; int hold; + if (len < 8) + goto trunc; ND_TCHECK(bp[0]); ND_PRINT((ndo, " auto-rp ")); type = bp[0]; @@ -344,11 +369,11 @@ cisco_autorp_print(netdissect_options *ndo, ND_TCHECK(bp[1]); numrps = bp[1]; - ND_TCHECK2(bp[2], 2); + ND_TCHECK_2(bp + 2); ND_PRINT((ndo, " Hold ")); - hold = EXTRACT_16BITS(&bp[2]); + hold = EXTRACT_BE_U_2(bp + 2); if (hold) - relts_print(ndo, EXTRACT_16BITS(&bp[2])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); else ND_PRINT((ndo, "FOREVER")); @@ -373,10 +398,16 @@ cisco_autorp_print(netdissect_options *ndo, int nentries; char s; - ND_TCHECK2(bp[0], 4); + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); ND_PRINT((ndo, " RP %s", ipaddr_string(ndo, bp))); - ND_TCHECK(bp[4]); - switch (bp[4] & 0x3) { + bp += 4; + len -= 4; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + switch (bp[0] & 0x3) { case 0: ND_PRINT((ndo, " PIMv?")); break; case 1: ND_PRINT((ndo, " PIMv1")); 
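Review bot: In the cisco_autorp_print hold-time hunk (@@ -344) the field is extracted into `hold` and then extracted again for the call, `unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2));`. Passing the local keeps a single read of the packet and makes the zero test and the printed value visibly the same quantity: `unsigned_relts_print(ndo, hold);`. Since `hold` is declared `int` in the context of the earlier hunk, changing it to `u_int` would also suit the unsigned printer, assuming that is its parameter type.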
@@ -386,21 +417,28 @@ cisco_autorp_print(netdissect_options *ndo, case 3: ND_PRINT((ndo, " PIMv1+2")); break; } - if (bp[4] & 0xfc) - ND_PRINT((ndo, " [rsvd=0x%02x]", bp[4] & 0xfc)); - ND_TCHECK(bp[5]); - nentries = bp[5]; - bp += 6; len -= 6; + if (EXTRACT_U_1(bp) & 0xfc) + ND_PRINT((ndo, " [rsvd=0x%02x]", EXTRACT_U_1(bp) & 0xfc)); + bp += 1; + len -= 1; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + nentries = bp[0]; + bp += 1; + len -= 1; s = ' '; for (; nentries; nentries--) { - ND_TCHECK2(bp[0], 6); - ND_PRINT((ndo, "%c%s%s/%d", s, bp[0] & 1 ? "!" : "", - ipaddr_string(ndo, &bp[2]), bp[1])); - if (bp[0] & 0x02) { + if (len < 6) + goto trunc; + ND_TCHECK_6(bp); + ND_PRINT((ndo, "%c%s%s/%d", s, EXTRACT_U_1(bp) & 1 ? "!" : "", + ipaddr_string(ndo, bp + 2), EXTRACT_U_1(bp + 1))); + if (EXTRACT_U_1(bp) & 0x02) { ND_PRINT((ndo, " bidir")); } - if (bp[0] & 0xfc) { - ND_PRINT((ndo, "[rsvd=0x%02x]", bp[0] & 0xfc)); + if (EXTRACT_U_1(bp) & 0xfc) { + ND_PRINT((ndo, "[rsvd=0x%02x]", EXTRACT_U_1(bp) & 0xfc)); } s = ','; bp += 6; len -= 6; @@ -417,16 +455,13 @@ void pim_print(netdissect_options *ndo, register const u_char *bp, register u_int len, const u_char *bp2) { - register const u_char *ep; register const struct pim *pim = (const struct pim *)bp; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; #ifdef notyet /* currently we see only version and type */ ND_TCHECK(pim->pim_rsv); #endif + ND_TCHECK(pim->pim_typever); switch (PIM_VER(pim->pim_typever)) { case 2: if (!ndo->ndo_vflag) { @@ -450,6 +485,10 @@ pim_print(netdissect_options *ndo, break; } return; + +trunc: + ND_PRINT((ndo, "[|pim]")); + return; } /* @@ -492,8 +531,6 @@ pim_print(netdissect_options *ndo, * */ -static int pimv2_addr_len; - enum pimv2_addrtype { pimv2_unicast, pimv2_group, pimv2_source }; 
@@ -520,99 +557,96 @@ enum pimv2_addrtype { */ static int pimv2_addr_print(netdissect_options *ndo, - const u_char *bp, enum pimv2_addrtype at, int silent) + const u_char *bp, u_int len, enum pimv2_addrtype at, + u_int addr_len, int silent) { int af; - int len, hdrlen; + int hdrlen; - ND_TCHECK(bp[0]); - - if (pimv2_addr_len == 0) { + if (addr_len == 0) { + if (len < 2) + goto trunc; ND_TCHECK(bp[1]); - switch (bp[0]) { + switch (EXTRACT_U_1(bp)) { case 1: af = AF_INET; - len = sizeof(struct in_addr); + addr_len = (u_int)sizeof(struct in_addr); break; -#ifdef INET6 case 2: af = AF_INET6; - len = sizeof(struct in6_addr); + addr_len = (u_int)sizeof(struct in6_addr); break; -#endif default: return -1; } - if (bp[1] != 0) + if (EXTRACT_U_1(bp + 1) != 0) return -1; hdrlen = 2; } else { - switch (pimv2_addr_len) { + switch (addr_len) { case sizeof(struct in_addr): af = AF_INET; break; -#ifdef INET6 case sizeof(struct in6_addr): af = AF_INET6; break; -#endif default: return -1; break; } - len = pimv2_addr_len; hdrlen = 0; } bp += hdrlen; + len -= hdrlen; switch (at) { case pimv2_unicast: - ND_TCHECK2(bp[0], len); + if (len < addr_len) + goto trunc; + ND_TCHECK2(bp[0], addr_len); if (af == AF_INET) { if (!silent) ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp))); } -#ifdef INET6 else if (af == AF_INET6) { if (!silent) ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp))); } -#endif - return hdrlen + len; + return hdrlen + addr_len; case pimv2_group: case pimv2_source: - ND_TCHECK2(bp[0], len + 2); + if (len < addr_len + 2) + goto trunc; + ND_TCHECK2(bp[0], addr_len + 2); if (af == AF_INET) { if (!silent) { ND_PRINT((ndo, "%s", ipaddr_string(ndo, bp + 2))); - if (bp[1] != 32) - ND_PRINT((ndo, "/%u", bp[1])); + if (EXTRACT_U_1(bp + 1) != 32) + ND_PRINT((ndo, "/%u", EXTRACT_U_1(bp + 1))); } } -#ifdef INET6 else if (af == AF_INET6) { if (!silent) { ND_PRINT((ndo, "%s", ip6addr_string(ndo, bp + 2))); - if (bp[1] != 128) - ND_PRINT((ndo, "/%u", bp[1])); + if (EXTRACT_U_1(bp + 1) != 128) + 
ND_PRINT((ndo, "/%u", EXTRACT_U_1(bp + 1))); } } -#endif - if (bp[0] && !silent) { + if (EXTRACT_U_1(bp) && !silent) { if (at == pimv2_group) { - ND_PRINT((ndo, "(0x%02x)", bp[0])); + ND_PRINT((ndo, "(0x%02x)", EXTRACT_U_1(bp))); } else { ND_PRINT((ndo, "(%s%s%s", - bp[0] & 0x04 ? "S" : "", - bp[0] & 0x02 ? "W" : "", - bp[0] & 0x01 ? "R" : "")); - if (bp[0] & 0xf8) { - ND_PRINT((ndo, "+0x%02x", bp[0] & 0xf8)); + EXTRACT_U_1(bp) & 0x04 ? "S" : "", + EXTRACT_U_1(bp) & 0x02 ? "W" : "", + EXTRACT_U_1(bp) & 0x01 ? "R" : "")); + if (EXTRACT_U_1(bp) & 0xf8) { + ND_PRINT((ndo, "+0x%02x", EXTRACT_U_1(bp) & 0xf8)); } ND_PRINT((ndo, ")")); } } - return hdrlen + 2 + len; + return hdrlen + 2 + addr_len; default: return -1; } @@ -627,11 +661,16 @@ enum checksum_status { }; static enum checksum_status -pimv2_check_checksum(const u_char *bp, const u_char *bp2, u_int len) +pimv2_check_checksum(netdissect_options *ndo, const u_char *bp, + const u_char *bp2, u_int len) { const struct ip *ip; u_int cksum; + if (!ND_TTEST2(bp[0], len)) { + /* We don't have all the data. */ + return (UNVERIFIED); + } ip = (const struct ip *)bp2; if (IP_V(ip) == 4) { struct cksum_vec vec[1]; @@ -640,14 +679,12 @@ pimv2_check_checksum(const u_char *bp, const u_char *bp2, u_int len) vec[0].len = len; cksum = in_cksum(vec, 1); return (cksum ? INCORRECT : CORRECT); -#ifdef INET6 } else if (IP_V(ip) == 6) { const struct ip6_hdr *ip6; ip6 = (const struct ip6_hdr *)bp2; - cksum = nextproto6_cksum(ip6, bp, len, len, IPPROTO_PIM); + cksum = nextproto6_cksum(ndo, ip6, bp, len, len, IPPROTO_PIM); return (cksum ? INCORRECT : CORRECT); -#endif } else { return (UNVERIFIED); } 
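Review bot: Every failure in pimv2_addr_print (@@ -520) still collapses to `-1`: the `default: return -1;` arms for an unknown address family or non-zero encoding byte sit alongside the new `goto trunc` length checks, and the callers changed elsewhere in this commit now treat any negative return as truncation. A fully captured packet carrying an unsupported family would then be reported as truncated rather than malformed, which can mislead someone triaging a capture. Consider a distinct return value for invalid encoding, or printing an explicit invalid-address marker before returning. The comment block above the function should also describe the new `len` and `addr_len` parameters and the return value (bytes consumed, or negative on failure); the function's `trunc:` label lies outside this hunk.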
@@ -657,23 +694,23 @@ static void pimv2_print(netdissect_options *ndo, register const u_char *bp, register u_int len, const u_char *bp2) { - register const u_char *ep; register const struct pim *pim = (const struct pim *)bp; int advance; enum checksum_status cksum_status; + int pimv2_addr_len; - ep = (const u_char *)ndo->ndo_snapend; - if (bp >= ep) - return; - if (ep > bp + len) - ep = bp + len; + if (len < 2) + goto trunc; ND_TCHECK(pim->pim_rsv); pimv2_addr_len = pim->pim_rsv; if (pimv2_addr_len != 0) ND_PRINT((ndo, ", RFC2117-encoding")); - ND_PRINT((ndo, ", cksum 0x%04x ", EXTRACT_16BITS(&pim->pim_cksum))); - if (EXTRACT_16BITS(&pim->pim_cksum) == 0) { + if (len < 4) + goto trunc; + ND_TCHECK(pim->pim_cksum); + ND_PRINT((ndo, ", cksum 0x%04x ", EXTRACT_BE_U_2(&pim->pim_cksum))); + if (EXTRACT_BE_U_2(&pim->pim_cksum) == 0) { ND_PRINT((ndo, "(unverified)")); } else { if (PIM_TYPE(pim->pim_typever) == PIMV2_TYPE_REGISTER) { @@ -681,7 +718,7 @@ pimv2_print(netdissect_options *ndo, * The checksum only covers the packet header, * not the encapsulated packet. */ - cksum_status = pimv2_check_checksum(bp, bp2, 8); + cksum_status = pimv2_check_checksum(ndo, bp, bp2, 8); if (cksum_status == INCORRECT) { /* * To quote RFC 4601, "For interoperability @@ -689,13 +726,13 @@ pimv2_print(netdissect_options *ndo, * calculated over the entire PIM Register * message should also be accepted." */ - cksum_status = pimv2_check_checksum(bp, bp2, len); + cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); } } else { /* * The checksum covers the entire packet. */ - cksum_status = pimv2_check_checksum(bp, bp2, len); + cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); } switch (cksum_status) { 
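Review bot: The new local in pimv2_print (@@ -657) is declared `int pimv2_addr_len;` but is passed at every call site as the `u_int addr_len` parameter this commit adds to pimv2_addr_print. The value comes from the one-byte `pim->pim_rsv`, so it cannot be negative in practice, but matching the type avoids an implicit signed-to-unsigned conversion at each call and the warnings that go with it: `u_int pimv2_addr_len;`. The function body continues outside the hunk.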
@@ -712,26 +749,37 @@ pimv2_print(netdissect_options *ndo, break; } } + bp += 4; + len -= 4; switch (PIM_TYPE(pim->pim_typever)) { case PIMV2_TYPE_HELLO: { uint16_t otype, olen; - bp += 4; - while (bp < ep) { - ND_TCHECK2(bp[0], 4); - otype = EXTRACT_16BITS(&bp[0]); - olen = EXTRACT_16BITS(&bp[2]); - ND_TCHECK2(bp[0], 4 + olen); + while (len > 0) { + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); + otype = EXTRACT_BE_U_2(bp); + olen = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, "\n\t %s Option (%u), length %u, Value: ", tok2str(pimv2_hello_option_values, "Unknown", otype), otype, olen)); bp += 4; + len -= 4; + if (len < olen) + goto trunc; + ND_TCHECK2(bp[0], olen); switch (otype) { case PIMV2_HELLO_OPTION_HOLDTIME: - relts_print(ndo, EXTRACT_16BITS(bp)); + if (olen != 2) { + ND_PRINT((ndo, "ERROR: Option Length != 2 Bytes (%u)", olen)); + } else { + unsigned_relts_print(ndo, + EXTRACT_BE_U_2(bp)); + } break; case PIMV2_HELLO_OPTION_LANPRUNEDELAY: @@ -740,8 +788,8 @@ pimv2_print(netdissect_options *ndo, } else { char t_bit; uint16_t lan_delay, override_interval; - lan_delay = EXTRACT_16BITS(bp); - override_interval = EXTRACT_16BITS(bp+2); + lan_delay = EXTRACT_BE_U_2(bp); + override_interval = EXTRACT_BE_U_2(bp + 2); t_bit = (lan_delay & 0x8000)? 1 : 0; lan_delay &= ~0x8000; ND_PRINT((ndo, "\n\t T-bit=%d, LAN delay %dms, Override interval %dms", @@ -756,7 +804,7 @@ pimv2_print(netdissect_options *ndo, ND_PRINT((ndo, "Bi-Directional Capability (Old)")); break; case 4: - ND_PRINT((ndo, "%u", EXTRACT_32BITS(bp))); + ND_PRINT((ndo, "%u", EXTRACT_BE_U_4(bp))); break; default: ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); 
@@ -765,17 +813,26 @@ pimv2_print(netdissect_options *ndo, break; case PIMV2_HELLO_OPTION_GENID: - ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(bp))); + if (olen != 4) { + ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); + } else { + ND_PRINT((ndo, "0x%08x", EXTRACT_BE_U_4(bp))); + } break; case PIMV2_HELLO_OPTION_REFRESH_CAP: - ND_PRINT((ndo, "v%d", *bp)); - if (*(bp+1) != 0) { - ND_PRINT((ndo, ", interval ")); - relts_print(ndo, *(bp+1)); - } - if (EXTRACT_16BITS(bp+2) != 0) { - ND_PRINT((ndo, " ?0x%04x?", EXTRACT_16BITS(bp+2))); + if (olen != 4) { + ND_PRINT((ndo, "ERROR: Option Length != 4 Bytes (%u)", olen)); + } else { + ND_PRINT((ndo, "v%d", EXTRACT_U_1(bp))); + if (*(bp+1) != 0) { + ND_PRINT((ndo, ", interval ")); + unsigned_relts_print(ndo, + EXTRACT_U_1(bp + 1)); + } + if (EXTRACT_BE_U_2(bp + 2) != 0) { + ND_PRINT((ndo, " ?0x%04x?", EXTRACT_BE_U_2(bp + 2))); + } } break; @@ -786,14 +843,14 @@ pimv2_print(netdissect_options *ndo, case PIMV2_HELLO_OPTION_ADDRESS_LIST: if (ndo->ndo_vflag > 1) { const u_char *ptr = bp; + u_int plen = len; while (ptr < (bp+olen)) { ND_PRINT((ndo, "\n\t ")); - advance = pimv2_addr_print(ndo, ptr, pimv2_unicast, 0); - if (advance < 0) { - ND_PRINT((ndo, "...")); - break; - } + advance = pimv2_addr_print(ndo, ptr, plen, pimv2_unicast, pimv2_addr_len, 0); + if (advance < 0) + goto trunc; ptr += advance; + plen -= advance; } } break; @@ -806,6 +863,7 @@ pimv2_print(netdissect_options *ndo, if (ndo->ndo_vflag> 1) print_unknown_data(ndo, bp, "\n\t ", olen); bp += olen; + len -= olen; } break; } 
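Review bot: In the REFRESH_CAP branch (@@ -765) the added test `if (*(bp+1) != 0) {` dereferences the packet pointer directly, while the lines around it were converted to the extraction macros. Using the same accessor keeps all packet reads in this option going through one mechanism: `if (EXTRACT_U_1(bp + 1) != 0) {`.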
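Review bot: In the ADDRESS_LIST branch (@@ -786) the remaining-length counter is seeded with the whole packet remainder, `u_int plen = len;`, although the loop is meant to stay inside the option (`while (ptr < (bp+olen))`). An encoded address that starts near the end of the option can therefore be parsed across the option boundary into the bytes of the next option without being flagged. Because `len >= olen` has already been established earlier in the loop, bounding by the option length is safe and tighter: `u_int plen = olen;`.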
@@ -814,18 +872,24 @@ pimv2_print(netdissect_options *ndo, { const struct ip *ip; - ND_TCHECK2(*(bp + 4), PIMV2_REGISTER_FLAG_LEN); + if (len < 4) + goto trunc; + ND_TCHECK2(*bp, PIMV2_REGISTER_FLAG_LEN); ND_PRINT((ndo, ", Flags [ %s ]\n\t", tok2str(pimv2_register_flag_values, "none", - EXTRACT_32BITS(bp+4)))); + EXTRACT_BE_U_4(bp)))); - bp += 8; len -= 8; + bp += 4; len -= 4; /* encapsulated multicast packet */ + if (len == 0) + goto trunc; ip = (const struct ip *)bp; + ND_TCHECK(ip->ip_vhl); switch (IP_V(ip)) { case 0: /* Null header */ + ND_TCHECK(ip->ip_dst); ND_PRINT((ndo, "IP-Null-header %s > %s", ipaddr_string(ndo, &ip->ip_src), ipaddr_string(ndo, &ip->ip_dst))); @@ -847,22 +911,13 @@ pimv2_print(netdissect_options *ndo, } case PIMV2_TYPE_REGISTER_STOP: - bp += 4; len -= 4; - if (bp >= ep) - break; ND_PRINT((ndo, " group=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp >= ep) - break; ND_PRINT((ndo, " source=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; break; 
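Review bot: In the REGISTER case (@@ -814) the encapsulated header is read after only `if (len == 0) goto trunc;`, so the null-header branch prints `ip_src` and `ip_dst` guarded by `ND_TCHECK(ip->ip_dst)`, which covers capture length but not the message length. A Register shorter than an IPv4 header, followed by other captured bytes, would have those bytes printed as addresses. A length check in `case 0:` closes that gap, for example `if (len < sizeof(struct ip)) goto trunc;`. The same hunk also mixes the literal `4` in `if (len < 4)` and `bp += 4; len -= 4;` with `PIMV2_REGISTER_FLAG_LEN` in the capture check; using the constant throughout would keep them from drifting apart.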
@@ -913,230 +968,214 @@ pimv2_print(netdissect_options *ndo, uint16_t nprune; int i, j; - bp += 4; len -= 4; if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/ - if (bp >= ep) - break; ND_PRINT((ndo, ", upstream-neighbor: ")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } - if (bp + 4 > ep) - break; + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); ngroup = bp[1]; - holdtime = EXTRACT_16BITS(&bp[2]); + holdtime = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, "\n\t %u group(s)", ngroup)); if (PIM_TYPE(pim->pim_typever) != 7) { /*not for Graft-ACK*/ ND_PRINT((ndo, ", holdtime: ")); if (holdtime == 0xffff) ND_PRINT((ndo, "infinite")); else - relts_print(ndo, holdtime); + unsigned_relts_print(ndo, holdtime); } bp += 4; len -= 4; for (i = 0; i < ngroup; i++) { - if (bp >= ep) - goto jp_done; ND_PRINT((ndo, "\n\t group #%u: ", i+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp + 4 > ep) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } - njoin = EXTRACT_16BITS(&bp[0]); - nprune = EXTRACT_16BITS(&bp[2]); + if (len < 4) + goto trunc; + ND_TCHECK_4(bp); + njoin = EXTRACT_BE_U_2(bp); + nprune = EXTRACT_BE_U_2(bp + 2); ND_PRINT((ndo, ", joined sources: %u, pruned sources: %u", njoin, nprune)); bp += 4; len -= 4; for (j = 0; j < njoin; j++) { ND_PRINT((ndo, "\n\t joined source #%u: ", j+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_source, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } for (j = 0; j < nprune; j++) { 
ND_PRINT((ndo, "\n\t pruned source #%u: ", j+1)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto jp_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_source, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; } } - jp_done: break; } case PIMV2_TYPE_BOOTSTRAP: { int i, j, frpcnt; - bp += 4; /* Fragment Tag, Hash Mask len, and BSR-priority */ - if (bp + sizeof(uint16_t) >= ep) break; - ND_PRINT((ndo, " tag=%x", EXTRACT_16BITS(bp))); - bp += sizeof(uint16_t); - if (bp >= ep) break; - ND_PRINT((ndo, " hashmlen=%d", bp[0])); - if (bp + 1 >= ep) break; - ND_PRINT((ndo, " BSRprio=%d", bp[1])); + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); + ND_PRINT((ndo, " tag=%x", EXTRACT_BE_U_2(bp))); + bp += 2; + len -= 2; + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + ND_PRINT((ndo, " hashmlen=%d", EXTRACT_U_1(bp))); + if (len < 2) + goto trunc; + ND_TCHECK(bp[2]); + ND_PRINT((ndo, " BSRprio=%d", EXTRACT_U_1(bp + 1))); bp += 2; + len -= 2; /* Encoded-Unicast-BSR-Address */ - if (bp >= ep) break; ND_PRINT((ndo, " BSR=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; - for (i = 0; bp < ep; i++) { + for (i = 0; len > 0; i++) { /* Encoded-Group Address */ ND_PRINT((ndo, " (group%d: ", i)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) - < 0) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; /* RP-Count, Frag RP-Cnt, and rsvd */ - if (bp >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } - ND_PRINT((ndo, " RPcnt=%d", bp[0])); - if (bp + 1 >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } - ND_PRINT((ndo, " FRPcnt=%d", frpcnt = bp[1])); + if (len < 
1) + goto trunc; + ND_TCHECK(bp[0]); + ND_PRINT((ndo, " RPcnt=%d", EXTRACT_U_1(bp))); + if (len < 2) + goto trunc; + ND_TCHECK(bp[1]); + ND_PRINT((ndo, " FRPcnt=%d", frpcnt = EXTRACT_U_1(bp + 1))); + if (len < 4) + goto trunc; bp += 4; + len -= 4; - for (j = 0; j < frpcnt && bp < ep; j++) { + for (j = 0; j < frpcnt && len > 0; j++) { /* each RP info */ ND_PRINT((ndo, " RP%d=", j)); - if ((advance = pimv2_addr_print(ndo, bp, + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, - 0)) < 0) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + pimv2_addr_len, + 0)) < 0) + goto trunc; bp += advance; + len -= advance; - if (bp + 1 >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); ND_PRINT((ndo, ",holdtime=")); - relts_print(ndo, EXTRACT_16BITS(bp)); - if (bp + 2 >= ep) { - ND_PRINT((ndo, "...)")); - goto bs_done; - } - ND_PRINT((ndo, ",prio=%d", bp[2])); + unsigned_relts_print(ndo, + EXTRACT_BE_U_2(bp)); + if (len < 3) + goto trunc; + ND_TCHECK(bp[2]); + ND_PRINT((ndo, ",prio=%d", EXTRACT_U_1(bp + 2))); + if (len < 4) + goto trunc; bp += 4; + len -= 4; } ND_PRINT((ndo, ")")); } - bs_done: break; } case PIMV2_TYPE_ASSERT: - bp += 4; len -= 4; - if (bp >= ep) - break; ND_PRINT((ndo, " group=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp >= ep) - break; ND_PRINT((ndo, " src=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; len -= advance; - if (bp + 8 > ep) - break; - if (bp[0] & 0x80) + if (len < 8) + goto trunc; + ND_TCHECK_8(bp); + if (EXTRACT_U_1(bp) & 0x80) ND_PRINT((ndo, " RPT")); - ND_PRINT((ndo, " pref=%u", EXTRACT_32BITS(&bp[0]) 
& 0x7fffffff)); - ND_PRINT((ndo, " metric=%u", EXTRACT_32BITS(&bp[4]))); + ND_PRINT((ndo, " pref=%u", EXTRACT_BE_U_4(bp) & 0x7fffffff)); + ND_PRINT((ndo, " metric=%u", EXTRACT_BE_U_4(bp + 4))); break; case PIMV2_TYPE_CANDIDATE_RP: { int i, pfxcnt; - bp += 4; /* Prefix-Cnt, Priority, and Holdtime */ - if (bp >= ep) break; - ND_PRINT((ndo, " prefix-cnt=%d", bp[0])); + if (len < 1) + goto trunc; + ND_TCHECK(bp[0]); + ND_PRINT((ndo, " prefix-cnt=%d", EXTRACT_U_1(bp))); pfxcnt = bp[0]; - if (bp + 1 >= ep) break; - ND_PRINT((ndo, " prio=%d", bp[1])); - if (bp + 3 >= ep) break; + if (len < 2) + goto trunc; + ND_TCHECK(bp[1]); + ND_PRINT((ndo, " prio=%d", EXTRACT_U_1(bp + 1))); + if (len < 4) + goto trunc; + ND_TCHECK_2(bp + 2); ND_PRINT((ndo, " holdtime=")); - relts_print(ndo, EXTRACT_16BITS(&bp[2])); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp + 2)); bp += 4; + len -= 4; /* Encoded-Unicast-RP-Address */ - if (bp >= ep) break; ND_PRINT((ndo, " RP=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; /* Encoded-Group Addresses */ - for (i = 0; i < pfxcnt && bp < ep; i++) { + for (i = 0; i < pfxcnt && len > 0; i++) { ND_PRINT((ndo, " Group%d=", i)); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) - < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; } break; } case PIMV2_TYPE_PRUNE_REFRESH: ND_PRINT((ndo, " src=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; ND_PRINT((ndo, " grp=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { 
- ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_group, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; + len -= advance; ND_PRINT((ndo, " forwarder=")); - if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { - ND_PRINT((ndo, "...")); - break; - } + if ((advance = pimv2_addr_print(ndo, bp, len, pimv2_unicast, pimv2_addr_len, 0)) < 0) + goto trunc; bp += advance; - ND_TCHECK2(bp[0], 2); + len -= advance; + if (len < 2) + goto trunc; + ND_TCHECK_2(bp); ND_PRINT((ndo, " TUNR ")); - relts_print(ndo, EXTRACT_16BITS(bp)); + unsigned_relts_print(ndo, EXTRACT_BE_U_2(bp)); break;