X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/bbedebc666a341d8e14922dce37a92766400c798..6c8ef0eb86a39c277d1a43802dd8ea01b51cfb2a:/print-egp.c

diff --git a/print-egp.c b/print-egp.c
index 5013c2ff..8fba9ce7 100644
--- a/print-egp.c
+++ b/print-egp.c
@@ -18,27 +18,28 @@
  * Initial contribution from Jeff Honig (jch@MITCHELL.CIT.CORNELL.EDU).
  */
 
-#define NETDISSECT_REWORKED
+/* \summary: Exterior Gateway Protocol (EGP) printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
-#include <tcpdump-stdinc.h>
+#include <netdissect-stdinc.h>
 
-#include "interface.h"
+#include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
 
 struct egp_packet {
-	u_int8_t  egp_version;
+	uint8_t  egp_version;
 #define	EGP_VERSION	2
-	u_int8_t  egp_type;
+	uint8_t  egp_type;
 #define  EGPT_ACQUIRE	3
 #define  EGPT_REACH	5
 #define  EGPT_POLL	2
 #define  EGPT_UPDATE	1
 #define  EGPT_ERROR	8
-	u_int8_t  egp_code;
+	uint8_t  egp_code;
 #define  EGPC_REQUEST	0
 #define  EGPC_CONFIRM	1
 #define  EGPC_REFUSE	2
@@ -46,7 +47,7 @@ struct egp_packet {
 #define  EGPC_CEASEACK	4
 #define  EGPC_HELLO	0
 #define  EGPC_HEARDU	1
-	u_int8_t  egp_status;
+	uint8_t  egp_status;
 #define  EGPS_UNSPEC	0
 #define  EGPS_ACTIVE	1
 #define  EGPS_PASSIVE	2
@@ -59,13 +60,13 @@ struct egp_packet {
 #define  EGPS_UP	1
 #define  EGPS_DOWN	2
 #define  EGPS_UNSOL	0x80
-	u_int16_t  egp_checksum;
-	u_int16_t  egp_as;
-	u_int16_t  egp_sequence;
+	uint16_t  egp_checksum;
+	uint16_t  egp_as;
+	uint16_t  egp_sequence;
 	union {
-		u_int16_t  egpu_hello;
-		u_int8_t egpu_gws[2];
-		u_int16_t  egpu_reason;
+		uint16_t  egpu_hello;
+		uint8_t egpu_gws[2];
+		uint16_t  egpu_reason;
 #define  EGPR_UNSPEC	0
 #define  EGPR_BADHEAD	1
 #define  EGPR_BADDATA	2
@@ -79,8 +80,8 @@ struct egp_packet {
 #define  egp_extgw  egp_handg.egpu_gws[1]
 #define  egp_reason  egp_handg.egpu_reason
 	union {
-		u_int16_t  egpu_poll;
-		u_int32_t egpu_sourcenet;
+		uint16_t  egpu_poll;
+		uint32_t egpu_sourcenet;
 	} egp_pands;
 #define  egp_poll  egp_pands.egpu_poll
 #define  egp_sourcenet  egp_pands.egpu_sourcenet
@@ -128,11 +129,11 @@ static const char *egp_reasons[] = {
 
 static void
 egpnrprint(netdissect_options *ndo,
-           register const struct egp_packet *egp)
+           register const struct egp_packet *egp, u_int length)
 {
-	register const u_int8_t *cp;
-	u_int32_t addr;
-	register u_int32_t net;
+	register const uint8_t *cp;
+	uint32_t addr;
+	register uint32_t net;
 	register u_int netlen;
 	int gateways, distances, networks;
 	int t_gateways;
@@ -152,12 +153,15 @@ egpnrprint(netdissect_options *ndo,
 		net = 0;
 		netlen = 0;
 	}
-	cp = (u_int8_t *)(egp + 1);
+	cp = (const uint8_t *)(egp + 1);
+	length -= sizeof(*egp);
 
 	t_gateways = egp->egp_intgw + egp->egp_extgw;
 	for (gateways = 0; gateways < t_gateways; ++gateways) {
 		/* Pickup host part of gateway address */
 		addr = 0;
+		if (length < 4 - netlen)
+			goto trunc;
 		ND_TCHECK2(cp[0], 4 - netlen);
 		switch (netlen) {
 
@@ -171,8 +175,12 @@ egpnrprint(netdissect_options *ndo,
 			addr = (addr << 8) | *cp++;
 		}
 		addr |= net;
+		length -= 4 - netlen;
+		if (length < 1)
+			goto trunc;
 		ND_TCHECK2(cp[0], 1);
 		distances = *cp++;
+		length--;
 		ND_PRINT((ndo, " %s %s ",
 		       gateways < (int)egp->egp_intgw ? "int" : "ext",
 		       ipaddr_string(ndo, &addr)));
@@ -180,21 +188,33 @@ egpnrprint(netdissect_options *ndo,
 		comma = "";
 		ND_PRINT((ndo, "("));
 		while (--distances >= 0) {
+			if (length < 2)
+				goto trunc;
 			ND_TCHECK2(cp[0], 2);
 			ND_PRINT((ndo, "%sd%d:", comma, (int)*cp++));
 			comma = ", ";
 			networks = *cp++;
+			length -= 2;
 			while (--networks >= 0) {
 				/* Pickup network number */
+				if (length < 1)
+					goto trunc;
 				ND_TCHECK2(cp[0], 1);
-				addr = (u_int32_t)*cp++ << 24;
+				addr = (uint32_t)*cp++ << 24;
+				length--;
 				if (IN_CLASSB(addr)) {
+					if (length < 1)
+						goto trunc;
 					ND_TCHECK2(cp[0], 1);
-					addr |= (u_int32_t)*cp++ << 16;
+					addr |= (uint32_t)*cp++ << 16;
+					length--;
 				} else if (!IN_CLASSA(addr)) {
+					if (length < 2)
+						goto trunc;
 					ND_TCHECK2(cp[0], 2);
-					addr |= (u_int32_t)*cp++ << 16;
-					addr |= (u_int32_t)*cp++ << 8;
+					addr |= (uint32_t)*cp++ << 16;
+					addr |= (uint32_t)*cp++ << 8;
+					length -= 2;
 				}
 				ND_PRINT((ndo, " %s", ipaddr_string(ndo, &addr)));
 			}
@@ -208,15 +228,15 @@ trunc:
 
 void
 egp_print(netdissect_options *ndo,
-          register const u_int8_t *bp, register u_int length)
+          register const uint8_t *bp, register u_int length)
 {
 	register const struct egp_packet *egp;
 	register int status;
 	register int code;
 	register int type;
 
-	egp = (struct egp_packet *)bp;
-        if (!ND_TTEST2(*egp, length)) {
+	egp = (const struct egp_packet *)bp;
+	if (length < sizeof(*egp) || !ND_TTEST(*egp)) {
 		ND_PRINT((ndo, "[|egp]"));
 		return;
 	}
@@ -333,7 +353,7 @@ egp_print(netdissect_options *ndo,
 		       egp->egp_intgw,
 		       egp->egp_extgw));
 		if (ndo->ndo_vflag)
-			egpnrprint(ndo, egp);
+			egpnrprint(ndo, egp, length);
 		break;
 
 	case EGPT_ERROR: