X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/bbedebc666a341d8e14922dce37a92766400c798..0f328b4aa16b0b47f05a85c440ce1d07719e3cac:/print-vqp.c diff --git a/print-vqp.c b/print-vqp.c index a316b0cd..e931025c 100644 --- a/print-vqp.c +++ b/print-vqp.c @@ -12,21 +12,21 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * support for the Cisco prop. VQP Protocol - * * Original code by Carles Kishimoto */ -#define NETDISSECT_REWORKED +/* \summary: Cisco VLAN Query Protocol (VQP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include -#include "interface.h" +#include "netdissect.h" #include "extract.h" #include "addrtoname.h" +#include "ether.h" #define VQP_VERSION 1 #define VQP_EXTRACT_VERSION(x) ((x)&0xFF) @@ -44,16 +44,16 @@ */ struct vqp_common_header_t { - u_int8_t version; - u_int8_t msg_type; - u_int8_t error_code; - u_int8_t nitems; - u_int8_t sequence[4]; + uint8_t version; + uint8_t msg_type; + uint8_t error_code; + uint8_t nitems; + uint8_t sequence[4]; }; struct vqp_obj_tlv_t { - u_int8_t obj_type[4]; - u_int8_t obj_length[2]; + uint8_t obj_type[4]; + uint8_t obj_length[2]; }; #define VQP_OBJ_REQ_JOIN_PORT 0x01 @@ -104,15 +104,17 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l const struct vqp_obj_tlv_t *vqp_obj_tlv; const u_char *tptr; - u_int16_t vqp_obj_len; - u_int32_t vqp_obj_type; - int tlen; - u_int8_t nitems; + uint16_t vqp_obj_len; + uint32_t vqp_obj_type; + u_int tlen; + uint8_t nitems; tptr=pptr; tlen = len; vqp_common_header = (const struct vqp_common_header_t *)pptr; ND_TCHECK(*vqp_common_header); + if (sizeof(struct vqp_common_header_t) > tlen) + goto trunc; /* * Sanity checking of the header. @@ -141,19 +143,22 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l tok2str(vqp_msg_type_values, "unknown (%u)",vqp_common_header->msg_type), tok2str(vqp_error_code_values, "unknown (%u)",vqp_common_header->error_code), vqp_common_header->error_code, - EXTRACT_32BITS(&vqp_common_header->sequence), + EXTRACT_BE_U_4(&vqp_common_header->sequence), nitems, len)); /* skip VQP Common header */ - tptr+=sizeof(const struct vqp_common_header_t); - tlen-=sizeof(const struct vqp_common_header_t); + tptr+=sizeof(struct vqp_common_header_t); + tlen-=sizeof(struct vqp_common_header_t); while (nitems > 0 && tlen > 0) { vqp_obj_tlv = (const struct vqp_obj_tlv_t *)tptr; - vqp_obj_type = EXTRACT_32BITS(vqp_obj_tlv->obj_type); - vqp_obj_len = EXTRACT_16BITS(vqp_obj_tlv->obj_length); + ND_TCHECK(*vqp_obj_tlv); + if (sizeof(struct vqp_obj_tlv_t) > tlen) + goto trunc; + vqp_obj_type = EXTRACT_BE_U_4(vqp_obj_tlv->obj_type); + vqp_obj_len = EXTRACT_BE_U_2(vqp_obj_tlv->obj_length); tptr+=sizeof(struct vqp_obj_tlv_t); tlen-=sizeof(struct vqp_obj_tlv_t); @@ -167,12 +172,15 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l } /* did we capture enough for fully decoding the object ? */ - if (!ND_TTEST2(*tptr, vqp_obj_len)) + ND_TCHECK2(*tptr, vqp_obj_len); + if (vqp_obj_len > tlen) goto trunc; switch(vqp_obj_type) { case VQP_OBJ_IP_ADDRESS: - ND_PRINT((ndo, "%s (0x%08x)", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr))); + if (vqp_obj_len != 4) + goto trunc; + ND_PRINT((ndo, "%s (0x%08x)", ipaddr_string(ndo, tptr), EXTRACT_BE_U_4(tptr))); break; /* those objects have similar semantics - fall through */ case VQP_OBJ_PORT_NAME: @@ -184,6 +192,8 @@ vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int l /* those objects have similar semantics - fall through */ case VQP_OBJ_MAC_ADDRESS: case VQP_OBJ_MAC_NULL: + if (vqp_obj_len != ETHER_ADDR_LEN) + goto trunc; ND_PRINT((ndo, "%s", etheraddr_string(ndo, tptr))); break; default: