X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/b5068d5380c73e02bc35a96f641cad18d9b03f3d..HEAD:/print-rsvp.c diff --git a/print-rsvp.c b/print-rsvp.c index 87355932..153070e8 100644 --- a/print-rsvp.c +++ b/print-rsvp.c @@ -19,12 +19,11 @@ /* specification: RFC 2205 */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" #include "addrtoname.h" @@ -305,12 +304,20 @@ static const struct tok rsvp_ctype_values[] = { { 0, NULL} }; +/* + * XXX - this assumes a 16-byte digest, which is true for HMAC-MD5, but + * isn't necessarily the case for other hash algorithms. + * + * Unless I've missed something, there's nothing in RFC 2747 to indicate + * the hash algorithm being used, so it's presumably something set up + * out-of-band, or negotiated by other RSVP objects. + */ struct rsvp_obj_integrity_t { - uint8_t flags; - uint8_t res; - uint8_t key_id[6]; - uint8_t sequence[8]; - uint8_t digest[16]; + nd_uint8_t flags; + nd_uint8_t res; + nd_byte key_id[6]; + nd_byte sequence[8]; + nd_byte digest[16]; }; static const struct tok rsvp_obj_integrity_flag_values[] = { @@ -319,21 +326,21 @@ static const struct tok rsvp_obj_integrity_flag_values[] = { }; struct rsvp_obj_frr_t { - uint8_t setup_prio; - uint8_t hold_prio; - uint8_t hop_limit; - uint8_t flags; - uint8_t bandwidth[4]; - uint8_t include_any[4]; - uint8_t exclude_any[4]; - uint8_t include_all[4]; + nd_uint8_t setup_prio; + nd_uint8_t hold_prio; + nd_uint8_t hop_limit; + nd_uint8_t flags; + nd_float bandwidth; + nd_uint32_t include_any; + nd_uint32_t exclude_any; + nd_uint32_t include_all; }; #define RSVP_OBJ_XRO_MASK_SUBOBJ(x) ((x)&0x7f) #define RSVP_OBJ_XRO_MASK_LOOSE(x) ((x)&0x80) -#define RSVP_OBJ_CAPABILITY_FLAGS_MASK 0x7 +#define RSVP_OBJ_CAPABILITY_FLAGS_MASK 0x7U #define RSVP_OBJ_XRO_RES 0 #define RSVP_OBJ_XRO_IPV4 1 @@ -452,7 +459,7 @@ static const struct tok rsvp_obj_error_code_diffserv_te_values[] = { { 6, "CT/setup priority and CT/holding priority do not form a configured TE-Class" }, { 7, "Inconsistency between signaled PSC and signaled CT" }, { 8, "Inconsistency between signaled PHBs and signaled CT" }, - { 0, NULL} + { 0, NULL} }; /* rfc3473 / rfc 3471 */ @@ -505,16 +512,9 @@ rsvp_intserv_print(netdissect_options *ndo, const u_char *tptr, u_int obj_tlen) { u_int parameter_id,parameter_length; - union { - float f; - uint32_t i; - } bw; - if (obj_tlen < 4) - return 0; - ND_TCHECK_1(tptr); + ND_ICHECK_U(obj_tlen, <, 4); parameter_id = GET_U_1(tptr); - ND_TCHECK_2(tptr + 2); parameter_length = GET_BE_U_2(tptr + 2)<<2; /* convert wordcount to bytecount */ ND_PRINT("\n\t Parameter ID: %s (%u), length: %u, Flags: [0x%02x]", @@ -523,8 +523,7 @@ rsvp_intserv_print(netdissect_options *ndo, parameter_length, GET_U_1(tptr + 1)); - if (obj_tlen < parameter_length+4) - return 0; + ND_ICHECK_U(obj_tlen, <, parameter_length + 4); switch(parameter_id) { /* parameter_id */ case 4: @@ -536,7 +535,6 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - ND_TCHECK_4(tptr + 4); ND_PRINT("\n\t\tIS hop count: %u", GET_BE_U_4(tptr + 4)); } break; @@ -550,9 +548,8 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - ND_TCHECK_4(tptr + 4); - bw.i = GET_BE_U_4(tptr + 4); - ND_PRINT("\n\t\tPath b/w estimate: %.10g Mbps", bw.f / 125000); + ND_PRINT("\n\t\tPath b/w estimate: %.10g Mbps", + GET_BE_F_4(tptr + 4) / 125000); } break; @@ -565,7 +562,6 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - ND_TCHECK_4(tptr + 4); ND_PRINT("\n\t\tMinimum path latency: "); if (GET_BE_U_4(tptr + 4) == 0xffffffff) ND_PRINT("don't care"); @@ -584,7 +580,6 @@ rsvp_intserv_print(netdissect_options *ndo, * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ if (parameter_length == 4) { - ND_TCHECK_4(tptr + 4); ND_PRINT("\n\t\tComposed MTU: %u bytes", GET_BE_U_4(tptr + 4)); } break; @@ -606,13 +601,12 @@ rsvp_intserv_print(netdissect_options *ndo, */ if (parameter_length == 20) { - ND_TCHECK_LEN(tptr + 4, 20); - bw.i = GET_BE_U_4(tptr + 4); - ND_PRINT("\n\t\tToken Bucket Rate: %.10g Mbps", bw.f / 125000); - bw.i = GET_BE_U_4(tptr + 8); - ND_PRINT("\n\t\tToken Bucket Size: %.10g bytes", bw.f); - bw.i = GET_BE_U_4(tptr + 12); - ND_PRINT("\n\t\tPeak Data Rate: %.10g Mbps", bw.f / 125000); + ND_PRINT("\n\t\tToken Bucket Rate: %.10g Mbps", + GET_BE_F_4(tptr + 4) / 125000); + ND_PRINT("\n\t\tToken Bucket Size: %.10g bytes", + GET_BE_F_4(tptr + 8)); + ND_PRINT("\n\t\tPeak Data Rate: %.10g Mbps", + GET_BE_F_4(tptr + 12) / 125000); ND_PRINT("\n\t\tMinimum Policed Unit: %u bytes", GET_BE_U_4(tptr + 16)); ND_PRINT("\n\t\tMaximum Packet Size: %u bytes", @@ -632,9 +626,7 @@ rsvp_intserv_print(netdissect_options *ndo, */ if (parameter_length == 8) { - ND_TCHECK_8(tptr + 4); - bw.i = GET_BE_U_4(tptr + 4); - ND_PRINT("\n\t\tRate: %.10g Mbps", bw.f / 125000); + ND_PRINT("\n\t\tRate: %.10g Mbps", GET_BE_F_4(tptr + 4) / 125000); ND_PRINT("\n\t\tSlack Term: %u", GET_BE_U_4(tptr + 8)); } break; @@ -644,7 +636,6 @@ rsvp_intserv_print(netdissect_options *ndo, case 135: case 136: if (parameter_length == 4) { - ND_TCHECK_4(tptr + 4); ND_PRINT("\n\t\tValue: %u", GET_BE_U_4(tptr + 4)); } break; @@ -655,8 +646,8 @@ rsvp_intserv_print(netdissect_options *ndo, } return (parameter_length+4); /* header length 4 bytes */ -trunc: - nd_print_trunc(ndo); +invalid: + nd_print_invalid(ndo); return 0; } @@ -688,19 +679,12 @@ rsvp_obj_print(netdissect_options *ndo, u_short rsvp_obj_len,rsvp_obj_ctype,rsvp_obj_class_num; u_int obj_tlen,intserv_serv_tlen; int hexdump; - u_int processed,padbytes,error_code,error_value,i,sigcheck; - union { - float f; - uint32_t i; - } bw; + u_int processed,padbytes,error_code,error_value,sigcheck; u_int namelen; u_int action, subchannel; while(tlen>=sizeof(struct rsvp_object_header)) { - /* did we capture enough for fully decoding the object header ? */ - ND_TCHECK_LEN(tptr, sizeof(struct rsvp_object_header)); - rsvp_obj_header = (const struct rsvp_object_header *)tptr; rsvp_obj_len=GET_BE_U_2(rsvp_obj_header->length); rsvp_obj_ctype=GET_U_1(rsvp_obj_header->ctype); @@ -751,7 +735,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 DestAddress: %s, Protocol ID: 0x%02x", indent, GET_IPADDR_STRING(obj_tptr), @@ -765,7 +749,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 DestAddress: %s, Protocol ID: 0x%02x", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -780,7 +764,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 36) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -792,7 +776,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_14: /* IPv6 p2mp LSP Tunnel */ if (obj_tlen < 26) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_BE_U_4(obj_tptr), @@ -803,7 +787,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv4 p2mp LSP Tunnel */ if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IPADDR_STRING(obj_tptr), @@ -815,7 +799,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV4: case RSVP_CTYPE_UNI_IPV4: if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IPADDR_STRING(obj_tptr), @@ -833,7 +817,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(nd_ipv4)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Receiver Address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -842,7 +826,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(nd_ipv6)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Receiver Address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -858,7 +842,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(nd_ipv4)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Notify Node Address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -867,7 +851,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(nd_ipv6)) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv6 Notify Node Address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -893,7 +877,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_2: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Generalized Label: %u", indent, GET_BE_U_4(obj_tptr)); @@ -902,7 +886,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return-1; + goto obj_tooshort; ND_PRINT("%s Waveband ID: %u%s Start Label: %u, Stop Label: %u", indent, GET_BE_U_4(obj_tptr), @@ -921,7 +905,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Reservation Style: %s, Flags: [0x%02x]", indent, tok2str(rsvp_resstyle_values, @@ -940,7 +924,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IPADDR_STRING(obj_tptr), @@ -950,7 +934,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -960,7 +944,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -974,7 +958,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -984,7 +968,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1016,7 +1000,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_2: if (obj_tlen < 12) - return-1; + goto obj_tooshort; ND_PRINT("%s L3 Protocol ID: %s", indent, tok2str(ethertype_values, @@ -1037,7 +1021,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return-1; + goto obj_tooshort; ND_PRINT("%s L3 Protocol ID: %s", indent, tok2str(ethertype_values, @@ -1054,7 +1038,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_4: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s LSP Encoding Type: %s (%u)", indent, tok2str(gmpls_encoding_values, @@ -1132,7 +1116,6 @@ rsvp_obj_print(netdissect_options *ndo, ND_PRINT(" ERROR: length != 8"); goto invalid; } - ND_TCHECK_8(obj_tptr); ND_PRINT(", Flags: [%s] (%#x), Class-Type: %s (%u), %u", bittok2str(rsvp_obj_rro_label_flag_values, "none", @@ -1158,7 +1141,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Instance: 0x%08x, Destination Instance: 0x%08x", indent, GET_BE_U_4(obj_tptr), @@ -1175,7 +1158,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Restart Time: %ums, Recovery Time: %ums", indent, GET_BE_U_4(obj_tptr), @@ -1192,7 +1175,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; uint32_t unused_and_flags = GET_BE_U_4(obj_tptr); if (unused_and_flags & ~RSVP_OBJ_CAPABILITY_FLAGS_MASK) ND_PRINT("%s [reserved=0x%08x must be zero]", indent, @@ -1214,13 +1197,12 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 4) - return-1; + goto obj_tooshort; namelen = GET_U_1(obj_tptr + 3); if (obj_tlen < 4+namelen) - return-1; + goto obj_tooshort; ND_PRINT("%s Session Name: ", indent); - for (i = 0; i < namelen; i++) - fn_print_char(ndo, GET_U_1(obj_tptr + 4 + i)); + nd_printjn(ndo, obj_tptr + 4, namelen); ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Flags: [%s] (%#x)", indent, GET_U_1(obj_tptr), @@ -1244,11 +1226,11 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; /* read variable length subobjects */ total_subobj_len = obj_tlen; - while(total_subobj_len > 0) { + while(total_subobj_len != 0) { /* If RFC 3476 Section 3.1 defined that a sub-object of the * GENERALIZED_UNI RSVP object must have the Length field as * a multiple of 4, instead of the check below it would be @@ -1258,8 +1240,7 @@ rsvp_obj_print(netdissect_options *ndo, * each iteration subobj_len may happen to be a multiple of 1 * and test it and total_subobj_len respectively. */ - if (total_subobj_len < 4) - goto invalid; + ND_ICHECK_U(total_subobj_len, <, 4); subobj_len = GET_BE_U_2(obj_tptr); subobj_type = (GET_BE_U_2(obj_tptr + 2))>>8; af = (GET_BE_U_2(obj_tptr + 2))&0x00FF; @@ -1306,15 +1287,15 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS: switch(af) { - case AFNUM_INET: + case AFNUM_IP: if (subobj_len < 8) - return -1; + goto subobj_tooshort; ND_PRINT("%s UNI IPv4 TNA address: %s", indent, GET_IPADDR_STRING(obj_tptr + 4)); break; - case AFNUM_INET6: + case AFNUM_IP6: if (subobj_len < 20) - return -1; + goto subobj_tooshort; ND_PRINT("%s UNI IPv6 TNA address: %s", indent, GET_IP6ADDR_STRING(obj_tptr + 4)); break; @@ -1336,7 +1317,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_GEN_UNI_SUBOBJ_EGRESS_LABEL: if (subobj_len < 16) { - return -1; + goto subobj_tooshort; } ND_PRINT("%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u", @@ -1349,7 +1330,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_GEN_UNI_SUBOBJ_SERVICE_LEVEL: if (subobj_len < 8) { - return -1; + goto subobj_tooshort; } ND_PRINT("%s Service level: %u", @@ -1376,7 +1357,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1389,7 +1370,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; + goto obj_tooshort; ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1407,7 +1388,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Refresh Period: %ums", indent, GET_BE_U_4(obj_tptr)); @@ -1426,7 +1407,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Msg-Version: %u, length: %u", indent, (GET_U_1(obj_tptr) & 0xf0) >> 4, @@ -1465,7 +1446,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IPADDR_STRING(obj_tptr), @@ -1475,7 +1456,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1485,7 +1466,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 20) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Flow Label: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1495,7 +1476,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 20) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1505,7 +1486,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1519,7 +1500,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1529,7 +1510,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return-1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1553,14 +1534,13 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: /* new style */ if (obj_tlen < sizeof(struct rsvp_obj_frr_t)) - return-1; - bw.i = GET_BE_U_4(obj_ptr.rsvp_obj_frr->bandwidth); + goto obj_tooshort; ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", indent, - obj_ptr.rsvp_obj_frr->setup_prio, - obj_ptr.rsvp_obj_frr->hold_prio, - obj_ptr.rsvp_obj_frr->hop_limit, - bw.f * 8 / 1000000); + GET_U_1(obj_ptr.rsvp_obj_frr->setup_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hold_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hop_limit), + GET_BE_F_4(obj_ptr.rsvp_obj_frr->bandwidth) * 8 / 1000000); ND_PRINT("%s Include-any: 0x%08x, Exclude-any: 0x%08x, Include-all: 0x%08x", indent, GET_BE_U_4(obj_ptr.rsvp_obj_frr->include_any), @@ -1572,14 +1552,13 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV4: /* old style */ if (obj_tlen < 16) - return-1; - bw.i = GET_BE_U_4(obj_ptr.rsvp_obj_frr->bandwidth); + goto obj_tooshort; ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", indent, - obj_ptr.rsvp_obj_frr->setup_prio, - obj_ptr.rsvp_obj_frr->hold_prio, - obj_ptr.rsvp_obj_frr->hop_limit, - bw.f * 8 / 1000000); + GET_U_1(obj_ptr.rsvp_obj_frr->setup_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hold_prio), + GET_U_1(obj_ptr.rsvp_obj_frr->hop_limit), + GET_BE_F_4(obj_ptr.rsvp_obj_frr->bandwidth) * 8 / 1000000); ND_PRINT("%s Include Colors: 0x%08x, Exclude Colors: 0x%08x", indent, GET_BE_U_4(obj_ptr.rsvp_obj_frr->include_any), @@ -1614,6 +1593,8 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_OBJ_CLASSTYPE_OLD: /* fall through */ switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: + if (obj_tlen < 4) + goto obj_tooshort; ND_PRINT("%s CT: %u", indent, GET_BE_U_4(obj_tptr) & 0x7); @@ -1630,7 +1611,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return-1; + goto obj_tooshort; error_code=GET_U_1(obj_tptr + 5); error_value=GET_BE_U_2(obj_tptr + 6); ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", @@ -1662,7 +1643,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return-1; + goto obj_tooshort; error_code=GET_U_1(obj_tptr + 17); error_value=GET_BE_U_2(obj_tptr + 18); ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", @@ -1694,7 +1675,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; padbytes = GET_BE_U_2(obj_tptr + 2); ND_PRINT("%s TLV count: %u, padding bytes: %u", indent, @@ -1710,9 +1691,11 @@ rsvp_obj_print(netdissect_options *ndo, GET_U_1(obj_tptr), GET_U_1(obj_tptr + 1)); if (obj_tlen < GET_U_1(obj_tptr + 1)) - return-1; - if (GET_U_1(obj_tptr + 1) < 2) + goto obj_tooshort; + if (GET_U_1(obj_tptr + 1) < 2) { + ND_PRINT("%sERROR: property TLV is too short", indent); return -1; + } print_unknown_data(ndo, obj_tptr + 2, "\n\t\t", GET_U_1(obj_tptr + 1) - 2); obj_tlen-=GET_U_1(obj_tptr + 1); @@ -1730,8 +1713,8 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: - if (obj_tlen < 8) - return-1; + if (obj_tlen < 4) + goto obj_tooshort; ND_PRINT("%s Flags [0x%02x], epoch: %u", indent, GET_U_1(obj_tptr), @@ -1757,7 +1740,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_integrity_t)) - return-1; + goto obj_tooshort; obj_ptr.rsvp_obj_integrity = (const struct rsvp_obj_integrity_t *)obj_tptr; ND_PRINT("%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]", indent, @@ -1767,7 +1750,7 @@ rsvp_obj_print(netdissect_options *ndo, GET_BE_U_4(obj_ptr.rsvp_obj_integrity->sequence + 4), bittok2str(rsvp_obj_integrity_flag_values, "none", - obj_ptr.rsvp_obj_integrity->flags)); + GET_U_1(obj_ptr.rsvp_obj_integrity->flags))); ND_PRINT("%s MD5-sum 0x%08x%08x%08x%08x ", indent, GET_BE_U_4(obj_ptr.rsvp_obj_integrity->digest), @@ -1793,7 +1776,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Flags [%s]", indent, bittok2str(rsvp_obj_admin_status_flag_values, "none", GET_BE_U_4(obj_tptr))); @@ -1809,7 +1792,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return-1; + goto obj_tooshort; action = (GET_BE_U_2(obj_tptr)>>8); ND_PRINT("%s Action: %s (%u), Label type: %u", indent, @@ -1822,7 +1805,7 @@ rsvp_obj_print(netdissect_options *ndo, /* only a couple of subchannels are expected */ if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s Start range: %u, End range: %u", indent, GET_BE_U_4(obj_tptr + 4), GET_BE_U_4(obj_tptr + 8)); @@ -1853,7 +1836,7 @@ rsvp_obj_print(netdissect_options *ndo, switch (rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 4) - return-1; + goto obj_tooshort; ND_PRINT("%s Sub-LSP destination address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -1862,7 +1845,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 16) - return-1; + goto obj_tooshort; ND_PRINT("%s Sub-LSP destination address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -1897,12 +1880,15 @@ rsvp_obj_print(netdissect_options *ndo, tlen-=rsvp_obj_len; } return 0; +subobj_tooshort: + ND_PRINT("%sERROR: sub-object is too short", indent); + return -1; +obj_tooshort: + ND_PRINT("%sERROR: object is too short", indent); + return -1; invalid: nd_print_invalid(ndo); return -1; -trunc: - nd_print_trunc(ndo); - return -1; } void @@ -1971,7 +1957,7 @@ rsvp_print(netdissect_options *ndo, * Bundle messages may not contain bundle submessages, so we don't * need to handle bundle submessages specially. */ - while(tlen > 0) { + while(tlen != 0) { const u_char *subpptr=tptr, *subtptr; u_short subplen, subtlen; @@ -2051,8 +2037,4 @@ rsvp_print(netdissect_options *ndo, print_unknown_data(ndo, tptr, "\n\t ", tlen); break; } - - return; -trunc: - nd_print_trunc(ndo); }