X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/99c91c3aec40b691641374f58e798bd8d6b657bd..febd0bc5aa33b3de9b5864e8c5565fe7b63f519f:/print-ospf.c diff --git a/print-ospf.c b/print-ospf.c index 6024c640..8dad2eaa 100644 --- a/print-ospf.c +++ b/print-ospf.c @@ -21,6 +21,8 @@ * OSPF support contributed by Jeffrey Honig (jch@mitchell.cit.cornell.edu) */ +/* \summary: Open Shortest Path First (OSPF) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -64,7 +66,6 @@ static const struct tok ospf_rla_flag_values[] = { }; static const struct tok type2str[] = { - { OSPF_TYPE_UMD, "UMD" }, { OSPF_TYPE_HELLO, "Hello" }, { OSPF_TYPE_DD, "Database Description" }, { OSPF_TYPE_LS_REQ, "LS-Request" }, @@ -313,6 +314,10 @@ ospf_print_te_lsa(netdissect_options *ndo, tptr+=4; tlv_length-=4; + /* Infinite loop protection */ + if (subtlv_type == 0 || subtlv_length == 0) + goto invalid; + ND_PRINT((ndo, "\n\t %s subTLV (%u), length: %u", tok2str(lsa_opaque_te_link_tlv_subtlv_values,"unknown",subtlv_type), subtlv_type, @@ -321,10 +326,18 @@ ospf_print_te_lsa(netdissect_options *ndo, ND_TCHECK2(*tptr, subtlv_length); switch(subtlv_type) { case LS_OPAQUE_TE_LINK_SUBTLV_ADMIN_GROUP: + if (subtlv_length != 4) { + ND_PRINT((ndo, " != 4")); + goto invalid; + } ND_PRINT((ndo, ", 0x%08x", EXTRACT_32BITS(tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_ID: case LS_OPAQUE_TE_LINK_SUBTLV_LINK_LOCAL_REMOTE_ID: + if (subtlv_length != 4 && subtlv_length != 8) { + ND_PRINT((ndo, " != 4 && != 8")); + goto invalid; + } ND_PRINT((ndo, ", %s (0x%08x)", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr))); @@ -335,14 +348,26 @@ ospf_print_te_lsa(netdissect_options *ndo, break; case LS_OPAQUE_TE_LINK_SUBTLV_LOCAL_IP: case LS_OPAQUE_TE_LINK_SUBTLV_REMOTE_IP: + if (subtlv_length != 4) { + ND_PRINT((ndo, " != 4")); + goto invalid; + } ND_PRINT((ndo, ", %s", ipaddr_string(ndo, tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_MAX_BW: case LS_OPAQUE_TE_LINK_SUBTLV_MAX_RES_BW: + if (subtlv_length != 4) { + ND_PRINT((ndo, " != 4")); + goto invalid; + } bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ", %.3f Mbps", bw.f * 8 / 1000000)); break; case LS_OPAQUE_TE_LINK_SUBTLV_UNRES_BW: + if (subtlv_length != 32) { + ND_PRINT((ndo, " != 32")); + goto invalid; + } for (te_class = 0; te_class < 8; te_class++) { bw.i = EXTRACT_32BITS(tptr+te_class*4); ND_PRINT((ndo, "\n\t\tTE-Class %u: %.3f Mbps", @@ -351,9 +376,22 @@ ospf_print_te_lsa(netdissect_options *ndo, } break; case LS_OPAQUE_TE_LINK_SUBTLV_BW_CONSTRAINTS: + if (subtlv_length < 4) { + ND_PRINT((ndo, " < 4")); + goto invalid; + } + /* BC Model Id (1 octet) + Reserved (3 octets) */ ND_PRINT((ndo, "\n\t\tBandwidth Constraints Model ID: %s (%u)", tok2str(diffserv_te_bc_values, "unknown", *tptr), *tptr)); + if (subtlv_length % 4 != 0) { + ND_PRINT((ndo, "\n\t\tlength %u != N x 4", subtlv_length)); + goto invalid; + } + if (subtlv_length > 36) { + ND_PRINT((ndo, "\n\t\tlength %u > 36", subtlv_length)); + goto invalid; + } /* decode BCs until the subTLV ends */ for (te_class = 0; te_class < (subtlv_length-4)/4; te_class++) { bw.i = EXTRACT_32BITS(tptr+4+te_class*4); @@ -363,14 +401,27 @@ ospf_print_te_lsa(netdissect_options *ndo, } break; case LS_OPAQUE_TE_LINK_SUBTLV_TE_METRIC: + if (subtlv_length != 4) { + ND_PRINT((ndo, " != 4")); + goto invalid; + } ND_PRINT((ndo, ", Metric %u", EXTRACT_32BITS(tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_PROTECTION_TYPE: - ND_PRINT((ndo, ", %s, Priority %u", - bittok2str(gmpls_link_prot_values, "none", *tptr), - *(tptr + 1))); + /* Protection Cap (1 octet) + Reserved ((3 octets) */ + if (subtlv_length != 4) { + ND_PRINT((ndo, " != 4")); + goto invalid; + } + ND_PRINT((ndo, ", %s", + bittok2str(gmpls_link_prot_values, "none", *tptr))); break; case LS_OPAQUE_TE_LINK_SUBTLV_INTF_SW_CAP_DESCR: + if (subtlv_length < 36) { + ND_PRINT((ndo, " < 36")); + goto invalid; + } + /* Switching Cap (1 octet) + Encoding (1) + Reserved (2) */ ND_PRINT((ndo, "\n\t\tInterface Switching Capability: %s", tok2str(gmpls_switch_cap_values, "Unknown", *(tptr)))); ND_PRINT((ndo, "\n\t\tLSP Encoding: %s\n\t\tMax LSP Bandwidth:", @@ -383,12 +434,20 @@ ospf_print_te_lsa(netdissect_options *ndo, } break; case LS_OPAQUE_TE_LINK_SUBTLV_LINK_TYPE: + if (subtlv_length != 1) { + ND_PRINT((ndo, " != 1")); + goto invalid; + } ND_PRINT((ndo, ", %s (%u)", tok2str(lsa_opaque_te_tlv_link_type_sub_tlv_values,"unknown",*tptr), *tptr)); break; case LS_OPAQUE_TE_LINK_SUBTLV_SHARED_RISK_GROUP: + if (subtlv_length % 4 != 0) { + ND_PRINT((ndo, " != N x 4")); + goto invalid; + } count_srlg = subtlv_length / 4; if (count_srlg != 0) ND_PRINT((ndo, "\n\t\t Shared risk group: ")); @@ -444,6 +503,9 @@ ospf_print_te_lsa(netdissect_options *ndo, return 0; trunc: return -1; +invalid: + ND_PRINT((ndo, "%s", istr)); + return -1; } static int @@ -505,16 +567,16 @@ trunc: /* draft-ietf-ospf-mt-09 */ static const struct tok ospf_topology_values[] = { - { 0, "default " }, - { 1, "multicast " }, - { 2, "management " }, + { 0, "default" }, + { 1, "multicast" }, + { 2, "management" }, { 0, NULL } }; /* * Print all the per-topology metrics. */ -static void +static int ospf_print_tos_metrics(netdissect_options *ndo, const union un_tos *tos) { @@ -527,9 +589,10 @@ ospf_print_tos_metrics(netdissect_options *ndo, /* * All but the first metric contain a valid topology id. */ - while (toscount) { - ND_PRINT((ndo, "\n\t\ttopology %s(%u), metric %u", - tok2str(ospf_topology_values, "", + while (toscount > 0) { + ND_TCHECK(*tos); + ND_PRINT((ndo, "\n\t\ttopology %s (%u), metric %u", + tok2str(ospf_topology_values, "Unknown", metric_count ? tos->metrics.tos_type : 0), metric_count ? tos->metrics.tos_type : 0, EXTRACT_16BITS(&tos->metrics.tos_metric))); @@ -537,6 +600,9 @@ ospf_print_tos_metrics(netdissect_options *ndo, tos++; toscount--; } + return 0; +trunc: + return 1; } /* @@ -610,7 +676,8 @@ ospf_print_lsa(netdissect_options *ndo, return (ls_end); } - ospf_print_tos_metrics(ndo, &rlp->un_tos); + if (ospf_print_tos_metrics(ndo, &rlp->un_tos)) + goto trunc; rlp = (const struct rlalink *)((const u_char *)(rlp + 1) + ((rlp->un_tos.link.link_tos_count) * sizeof(union un_tos))); @@ -641,8 +708,8 @@ ospf_print_lsa(netdissect_options *ndo, ND_TCHECK(*lp); ul = EXTRACT_32BITS(lp); topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS; - ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d", - tok2str(ospf_topology_values, "", topology), + ND_PRINT((ndo, "\n\t\ttopology %s (%u) metric %d", + tok2str(ospf_topology_values, "Unknown", topology), topology, ul & SLA_MASK_METRIC)); ++lp; @@ -658,8 +725,8 @@ ospf_print_lsa(netdissect_options *ndo, ND_TCHECK(*lp); ul = EXTRACT_32BITS(lp); topology = (ul & SLA_MASK_TOS) >> SLA_SHIFT_TOS; - ND_PRINT((ndo, "\n\t\ttopology %s(%u) metric %d", - tok2str(ospf_topology_values, "", topology), + ND_PRINT((ndo, "\n\t\ttopology %s (%u) metric %d", + tok2str(ospf_topology_values, "Unknown", topology), topology, ul & SLA_MASK_METRIC)); ++lp; @@ -680,8 +747,8 @@ ospf_print_lsa(netdissect_options *ndo, ND_TCHECK(almp->asla_tosmetric); ul = EXTRACT_32BITS(&almp->asla_tosmetric); topology = ((ul & ASLA_MASK_TOS) >> ASLA_SHIFT_TOS); - ND_PRINT((ndo, "\n\t\ttopology %s(%u), type %d, metric", - tok2str(ospf_topology_values, "", topology), + ND_PRINT((ndo, "\n\t\ttopology %s (%u), type %d, metric", + tok2str(ospf_topology_values, "Unknown", topology), topology, (ul & ASLA_FLAG_EXTERNAL) ? 2 : 1)); if ((ul & ASLA_MASK_METRIC) == 0xffffff) @@ -920,14 +987,8 @@ ospf_decode_v2(netdissect_options *ndo, switch (op->ospf_type) { - case OSPF_TYPE_UMD: - /* - * Rob Coltun's special monitoring packets; - * do nothing - */ - break; - case OSPF_TYPE_HELLO: + ND_TCHECK(op->ospf_hello.hello_options); ND_PRINT((ndo, "\n\tOptions [%s]", bittok2str(ospf_option_values,"none",op->ospf_hello.hello_options))); @@ -1058,7 +1119,7 @@ ospf_print(netdissect_options *ndo, /* If the type is valid translate it, or just print the type */ /* value. If it's not valid, say so and return */ ND_TCHECK(op->ospf_type); - cp = tok2str(type2str, "unknown LS-type", op->ospf_type); + cp = tok2str(type2str, "unknown LS-type %u", op->ospf_type); ND_PRINT((ndo, "OSPFv%u, %s, length %u", op->ospf_version, cp, length)); if (*cp == 'u') return;