X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/b3fb6a6c61e25ef8be56a2f1da7790a4e5ccd20b..a7a76012a129ffefb64f102948db63fbc715e45e:/print-ip.c

diff --git a/print-ip.c b/print-ip.c
index ccf61a3f..519cd793 100644
--- a/print-ip.c
+++ b/print-ip.c
@@ -54,7 +54,7 @@ static const struct tok ip_option_values[] = {
 /*
  * print the recorded route in an IP RR, LSRR or SSRR option.
  */
-static void
+static int
 ip_printroute(netdissect_options *ndo,
               register const u_char *cp, u_int length)
 {
@@ -63,19 +63,25 @@ ip_printroute(netdissect_options *ndo,
 
 	if (length < 3) {
 		ND_PRINT((ndo, " [bad length %u]", length));
-		return;
+		return (0);
 	}
 	if ((length + 1) & 3)
 		ND_PRINT((ndo, " [bad length %u]", length));
+	ND_TCHECK(cp[2]);
 	ptr = cp[2] - 1;
 	if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1)
 		ND_PRINT((ndo, " [bad ptr %u]", cp[2]));
 
 	for (len = 3; len < length; len += 4) {
+		ND_TCHECK2(cp[len], 4);
 		ND_PRINT((ndo, " %s", ipaddr_string(ndo, &cp[len])));
 		if (ptr > len)
 			ND_PRINT((ndo, ","));
 	}
+	return (0);
+
+trunc:
+	return (-1);
 }
 
 /*
@@ -162,7 +168,7 @@ nextproto4_cksum(netdissect_options *ndo,
 	return (in_cksum(vec, 2));
 }
 
-static void
+static int
 ip_printts(netdissect_options *ndo,
            register const u_char *cp, u_int length)
 {
@@ -173,16 +179,18 @@ ip_printts(netdissect_options *ndo,
 
 	if (length < 4) {
 		ND_PRINT((ndo, "[bad length %u]", length));
-		return;
+		return (0);
 	}
 	ND_PRINT((ndo, " TS{"));
 	hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4;
 	if ((length - 4) & (hoplen-1))
 		ND_PRINT((ndo, "[bad length %u]", length));
+	ND_TCHECK(cp[2]);
 	ptr = cp[2] - 1;
 	len = 0;
 	if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1)
 		ND_PRINT((ndo, "[bad ptr %u]", cp[2]));
+	ND_TCHECK(cp[3]);
 	switch (cp[3]&0xF) {
 	case IPOPT_TS_TSONLY:
 		ND_PRINT((ndo, "TSONLY"));
@@ -211,8 +219,9 @@ ip_printts(netdissect_options *ndo,
 	for (len = 4; len < length; len += hoplen) {
 		if (ptr == len)
 			type = " ^ ";
-		ND_PRINT((ndo, "%s%d@%s", type, EXTRACT_32BITS(&cp[len+hoplen-4]),
-		       hoplen!=8 ? "" : ipaddr_string(ndo, &cp[len])));
+		ND_TCHECK2(cp[len], hoplen);
+		ND_PRINT((ndo, "%s%d@%s", type, EXTRACT_BE_32BITS(cp + len + hoplen - 4),
+			  hoplen!=8 ? "" : ipaddr_string(ndo, &cp[len])));
 		type = " ";
 	}
 
@@ -223,6 +232,10 @@ done:
 		ND_PRINT((ndo, " [%d hops not recorded]} ", cp[3]>>4));
 	else
 		ND_PRINT((ndo, "}"));
+	return (0);
+
+trunc:
+	return (-1);
 }
 
 /*
@@ -272,13 +285,15 @@ ip_optprint(netdissect_options *ndo,
 			return;
 
 		case IPOPT_TS:
-			ip_printts(ndo, cp, option_len);
+			if (ip_printts(ndo, cp, option_len) == -1)
+				goto trunc;
 			break;
 
 		case IPOPT_RR:       /* fall through */
 		case IPOPT_SSRR:
 		case IPOPT_LSRR:
-			ip_printroute(ndo, cp, option_len);
+			if (ip_printroute(ndo, cp, option_len) == -1)
+				goto trunc;
 			break;
 
 		case IPOPT_RA:
@@ -287,8 +302,8 @@ ip_optprint(netdissect_options *ndo,
 				break;
 			}
 			ND_TCHECK(cp[3]);
-			if (EXTRACT_16BITS(&cp[2]) != 0)
-				ND_PRINT((ndo, " value %u", EXTRACT_16BITS(&cp[2])));
+			if (EXTRACT_BE_16BITS(cp + 2) != 0)
+				ND_PRINT((ndo, " value %u", EXTRACT_BE_16BITS(cp + 2)));
 			break;
 
 		case IPOPT_NOP:       /* nothing to print - fall through */
@@ -551,7 +566,7 @@ ip_print(netdissect_options *ndo,
 		return;
 	}
 
-	ipds->len = EXTRACT_16BITS(&ipds->ip->ip_len);
+	ipds->len = EXTRACT_BE_16BITS(&ipds->ip->ip_len);
 	if (length < ipds->len)
 		ND_PRINT((ndo, "truncated-ip - %u bytes missing! ",
 			ipds->len - length));
@@ -580,7 +595,7 @@ ip_print(netdissect_options *ndo,
 
 	ipds->len -= hlen;
 
-	ipds->off = EXTRACT_16BITS(&ipds->ip->ip_off);
+	ipds->off = EXTRACT_BE_16BITS(&ipds->ip->ip_off);
 
         if (ndo->ndo_vflag) {
             ND_PRINT((ndo, "(tos 0x%x", (int)ipds->ip->ip_tos));
@@ -613,13 +628,13 @@ ip_print(netdissect_options *ndo,
 	     */
 
 	    ND_PRINT((ndo, ", id %u, offset %u, flags [%s], proto %s (%u)",
-                         EXTRACT_16BITS(&ipds->ip->ip_id),
+                         EXTRACT_BE_16BITS(&ipds->ip->ip_id),
                          (ipds->off & 0x1fff) * 8,
                          bittok2str(ip_frag_values, "none", ipds->off&0xe000),
                          tok2str(ipproto_values,"unknown",ipds->ip->ip_p),
                          ipds->ip->ip_p));
 
-            ND_PRINT((ndo, ", length %u", EXTRACT_16BITS(&ipds->ip->ip_len)));
+            ND_PRINT((ndo, ", length %u", EXTRACT_BE_16BITS(&ipds->ip->ip_len)));
 
             if ((hlen - sizeof(struct ip)) > 0) {
                 ND_PRINT((ndo, ", options ("));
@@ -632,7 +647,7 @@ ip_print(netdissect_options *ndo,
 	        vec[0].len = hlen;
 	        sum = in_cksum(vec, 1);
 		if (sum != 0) {
-		    ip_sum = EXTRACT_16BITS(&ipds->ip->ip_sum);
+		    ip_sum = EXTRACT_BE_16BITS(&ipds->ip->ip_sum);
 		    ND_PRINT((ndo, ", bad cksum %x (->%x)!", ip_sum,
 			     in_cksum_shouldbe(ip_sum, sum)));
 		}