X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/ba8a8cd5a385e86a857b90d2d087dd6f2cd5b083..396e94ff55a80d554b1fe46bf107db1e91008d6c:/print-nsh.c diff --git a/print-nsh.c b/print-nsh.c index a5b464e9..abd722d4 100644 --- a/print-nsh.c +++ b/print-nsh.c @@ -21,6 +21,10 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* \summary: Network Service Header (NSH) printer */ + +/* specification: draft-ietf-sfc-nsh-01 */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -39,11 +43,7 @@ static const struct tok nsh_flags [] = { #define NSH_BASE_HDR_LEN 4 #define NSH_SERVICE_PATH_HDR_LEN 4 -#define NSH_HDR_WORD_SIZE 4 - -/* - * NSH, draft-ietf-sfc-nsh-01 Network Service Header - */ +#define NSH_HDR_WORD_SIZE 4U void nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) @@ -97,12 +97,23 @@ nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) ND_PRINT((ndo, "service-path-id 0x%06x, ", service_path_id)); ND_PRINT((ndo, "service-index 0x%x", service_index)); - /* print Context Headers */ + /* Make sure we have all the headers */ if (len < length * NSH_HDR_WORD_SIZE) goto trunc; ND_TCHECK2(*bp, length * NSH_HDR_WORD_SIZE); + /* + * length includes the lengths of the Base and Service Path headers. + * That means it must be at least 2. + */ + if (length < 2) + goto trunc; + + /* + * Print, or skip, the Context Headers. + * (length - 2) is the length of those headers. + */ if (ndo->ndo_vflag > 2) { if (md_type == 0x01) { for (n = 0; n < length - 2; n++) { @@ -159,7 +170,7 @@ nsh_print(netdissect_options *ndo, const u_char *bp, u_int len) ip6_print(ndo, bp, next_len); break; case 0x3: - ether_print(ndo, bp, next_len, next_len, NULL, NULL); + ether_print(ndo, bp, next_len, ndo->ndo_snapend - bp, NULL, NULL); break; default: ND_PRINT((ndo, "ERROR: unknown-next-protocol"));