X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/b8c56aa09228ee6c59af9bd2565bc66b69ac7943..d7b497cac78b6e22a66a6bae9bdec60a8044f67a:/print-ip6.c
diff --git a/print-ip6.c b/print-ip6.c
index 9f590f2a..237c36d4 100644
--- a/print-ip6.c
+++ b/print-ip6.c
@@ -48,9 +48,9 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
 const struct ip6_hdr *ip6)
 {
 const u_char *cp;
- int advance;
+ u_int advance;
 u_int nh;
- const struct in6_addr *dst_addr;
+ const void *dst_addr;
 const struct ip6_rthdr *dp;
 const struct ip6_rthdr0 *dp0;
 const struct in6_addr *addr;
@@ -59,7 +59,7 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
 cp = (const u_char *)ip6;
 advance = sizeof(struct ip6_hdr);
 nh = ip6->ip6_nxt;
- dst_addr = &ip6->ip6_dst;
+ dst_addr = (const void *)&ip6->ip6_dst;
 while (cp < ndo->ndo_snapend) {
 cp += advance;
@@ -76,8 +76,8 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
 * the header, in units of 8 octets, excluding
 * the first 8 octets.
 */
- ND_TCHECK2(*cp, 2);
- advance = (int)((*(cp + 1) + 1) << 3);
+ ND_TCHECK_2(cp);
+ advance = (EXTRACT_U_1(cp + 1) + 1) << 3;
 nh = *cp;
 break;
@@ -87,7 +87,7 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
 * marked as reserved, and the header is always
 * the same size.
 */
- ND_TCHECK2(*cp, 1);
+ ND_TCHECK_1(cp);
 advance = sizeof(struct ip6_frag);
 nh = *cp;
 break;
@@ -112,7 +112,7 @@ ip6_finddst(netdissect_options *ndo, struct in6_addr *dst,
 if ((const u_char *)(addr + 1) > ndo->ndo_snapend)
 goto trunc;
- dst_addr = addr;
+ dst_addr = (const void *)addr;
 addr++;
 }
 break;
@@ -219,7 +219,7 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 const u_char *ipend;
 register const u_char *cp;
 register u_int payload_len;
- int nh;
+ u_int nh;
 int fragmented = 0;
 u_int flow;
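Review bot: In the `@@ -76,8 +76,8 @@` hunk of ip6_finddst the length byte is now read with `EXTRACT_U_1(cp + 1)`, but the next-header byte on the following line is still the raw dereference `nh = *cp;`, and the `@@ -87,7 +87,7 @@` hunk leaves the same line untouched after `ND_TCHECK_1(cp)`. Both reads sit behind the preceding bounds check, so this is a consistency point rather than a memory-safety defect. ip6_print moves to `nh = EXTRACT_U_1(cp);` in the same change, and ip6_finddst should match so that every read of packet bytes goes through the accessor and is easy to audit. The switch body continues outside both hunks.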
@@ -239,14 +239,14 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 return;
 }
- payload_len = EXTRACT_16BITS(&ip6->ip6_plen);
+ payload_len = EXTRACT_BE_U_2(&ip6->ip6_plen);
 len = payload_len + sizeof(struct ip6_hdr);
 if (length < len)
 ND_PRINT((ndo, "truncated-ip6 - %u bytes missing!", len - length));
 if (ndo->ndo_vflag) {
- flow = EXTRACT_32BITS(&ip6->ip6_flow);
+ flow = EXTRACT_BE_U_4(&ip6->ip6_flow);
 ND_PRINT((ndo, "("));
 #if 0
 /* rfc1883 */
@@ -280,6 +280,8 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 advance = sizeof(struct ip6_hdr);
 nh = ip6->ip6_nxt;
 while (cp < ndo->ndo_snapend && advance > 0) {
+ if (len < (u_int)advance)
+ goto trunc;
 cp += advance;
 len -= advance;
@@ -295,19 +297,19 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 advance = hbhopt_print(ndo, cp);
 if (advance < 0)
 return;
- nh = *cp;
+ nh = EXTRACT_U_1(cp);
 break;
 case IPPROTO_DSTOPTS:
 advance = dstopt_print(ndo, cp);
 if (advance < 0)
 return;
- nh = *cp;
+ nh = EXTRACT_U_1(cp);
 break;
 case IPPROTO_FRAGMENT:
 advance = frag6_print(ndo, cp, (const u_char *)ip6);
 if (advance < 0 || ndo->ndo_snapend <= cp + advance)
 return;
- nh = *cp;
+ nh = EXTRACT_U_1(cp);
 fragmented = 1;
 break;
@@ -322,11 +324,16 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 * mobility header.
 */
 advance = mobility_print(ndo, cp, (const u_char *)ip6);
- nh = *cp;
+ if (advance < 0)
+ return;
+ nh = EXTRACT_U_1(cp);
 return;
 case IPPROTO_ROUTING:
+ ND_TCHECK(*cp);
 advance = rt6_print(ndo, cp, (const u_char *)ip6);
- nh = *cp;
+ if (advance < 0)
+ return;
+ nh = EXTRACT_U_1(cp);
 break;
 case IPPROTO_SCTP:
 sctp_print(ndo, cp, (const u_char *)ip6, len);
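Review bot: The new `if (len < (u_int)advance) goto trunc;` guard at the top of the loop in the `@@ -280,6 +280,8 @@` hunk carries no comment saying what it protects. `len` appears to be unsigned (it is printed with `%u` earlier in the function) and the next statement but one is `len -= advance;`, so without the guard a header longer than the remaining payload would wrap `len` to a very large value that is then handed to the upper-layer printers. I would add `/* advance > 0 here (loop condition); reject a header longer than the remaining payload so len cannot wrap */` above the check. The `trunc` label is outside the hunk; if it prints a truncation marker, a complete capture with an inconsistent length field will be reported as truncated, which is worth confirming.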
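Review bot: In the `@@ -322,11 +324,16 @@` hunk, the case that calls `mobility_print` now assigns `nh = EXTRACT_U_1(cp);` and returns on the very next line, so the value is never used and the statement is only an extra read of packet data. With the added `if (advance < 0) return;` both paths leave the function and `advance` is unused too. Dropping the assignment, or replacing it with a one-line comment such as `/* next header deliberately not followed after a mobility header */`, would make the intent clear. The block comment above this case starts outside the hunk and may already explain the choice.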
@@ -345,12 +352,16 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 return;
 case IPPROTO_AH:
 advance = ah_print(ndo, cp);
- nh = *cp;
+ if (advance < 0)
+ return;
+ nh = EXTRACT_U_1(cp);
 break;
 case IPPROTO_ESP:
 {
- int enh, padlen;
+ u_int enh, padlen;
 advance = esp_print(ndo, cp, len, (const u_char *)ip6, &enh, &padlen);
+ if (advance < 0)
+ return;
 nh = enh & 0xff;
 len -= padlen;
 break;
@@ -396,6 +407,10 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 rsvp_print(ndo, cp, len);
 return;
+ case IPPROTO_EIGRP:
+ eigrp_print(ndo, cp, len);
+ return;
+
 case IPPROTO_NONE:
 ND_PRINT((ndo, "no next header"));
 return;
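Review bot: `len -= padlen;` in the IPPROTO_ESP case of the `@@ -345,12 +352,16 @@` hunk can wrap now that `padlen` is a `u_int`, because the hunk adds a check for a negative `advance` but nothing compares `padlen` with `len`. esp_print is not visible here, so whether it can report a pad length larger than the remaining payload is an assumption to confirm. If it can, `len` becomes a very large value that the following printers receive as their length. A guard such as `if (padlen > len) goto trunc;` before the subtraction closes that gap. Separately, in the IPPROTO_AH case `nh = EXTRACT_U_1(cp);` relies on ah_print having bounds-checked the first byte, whereas the IPPROTO_ROUTING case received an explicit `ND_TCHECK(*cp)`; the two should be made consistent.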