X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d27628f311b9afcf5ed6e4b0068e8ba6d6324b14..82cfcd4391f9f6c748634bfd7b48a44f42e6a53d:/print-juniper.c
diff --git a/print-juniper.c b/print-juniper.c
index dafe48fa..13d8f837 100644
--- a/print-juniper.c
+++ b/print-juniper.c
@@ -30,6 +30,7 @@ __RCSID("NetBSD: print-juniper.c,v 1.3 2007/07/25 06:31:32 dogcow Exp ");
 #include
+#define ND_LONGJMP_FROM_TCHECK
 #include "netdissect.h" #include "addrtoname.h" #include "extract.h"
@@ -484,6 +485,7 @@ juniper_ggsn_if_print(netdissect_options *ndo,
 uint8_t proto; ndo->ndo_protocol = "juniper_ggsn";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_GGSN; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -515,11 +517,6 @@ juniper_ggsn_if_print(netdissect_options *ndo,
 } ndo->ndo_ll_hdr_len += l2info.header_len;
- return;
-
-trunc:
- nd_print_trunc(ndo);
- ndo->ndo_ll_hdr_len += l2info.header_len;
 } #endif
@@ -541,6 +538,7 @@ juniper_es_if_print(netdissect_options *ndo,
 const struct juniper_ipsec_header *ih; ndo->ndo_protocol = "juniper_es";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_ES; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -597,11 +595,6 @@ juniper_es_if_print(netdissect_options *ndo,
 ip_print(ndo, p, l2info.length); ndo->ndo_ll_hdr_len += l2info.header_len;
- return;
-
-trunc:
- nd_print_trunc(ndo);
- ndo->ndo_ll_hdr_len += l2info.header_len;
 } #endif
@@ -620,6 +613,7 @@ juniper_monitor_if_print(netdissect_options *ndo,
 const struct juniper_monitor_header *mh; ndo->ndo_protocol = "juniper_monitor";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_MONITOR; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
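Review bot: `#define ND_LONGJMP_FROM_TCHECK` at the top of the file changes how every `ND_TCHECK_*` in print-juniper.c leaves on truncation, and the define carries no comment saying so. The `trunc:` blocks removed in the ggsn, es, monitor and services printers also ran `ndo->ndo_ll_hdr_len += l2info.header_len;`, and on the longjmp path that update is skipped. The link-layer header length recorded for a truncated packet may therefore differ from before; where the jump lands is outside this diff, so please confirm that is intended. A one-line comment above the define, such as `/* ND_TCHECK_*() longjmp on truncation; printers here have no local trunc: label */`, would record the convention.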
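Review bot: The added `memset(&l2info, 0, sizeof(l2info));` in `juniper_ggsn_if_print` has no comment explaining why it is needed, which makes it easy to drop in a later cleanup. The failure branch just below reads `l2info.header_len` after `juniper_parse_header()` returns 0, so without the zeroing that read could pick up stack garbage if the parser bails out before filling the field (the parser's early exits are mostly outside this diff). I would add `/* zero l2info: header_len is read below even when juniper_parse_header() fails */` above the call. The same line is added without a comment in the es, monitor, services, pppoe, ether, ppp, frelay, chdlc, pppoe_atm, mlppp, mlfr, atm1 and atm2 printers; each function body continues outside its hunk.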
@@ -640,11 +634,6 @@ juniper_monitor_if_print(netdissect_options *ndo,
 ip_heuristic_guess (ndo, p, l2info.length); ndo->ndo_ll_hdr_len += l2info.header_len;
- return;
-
-trunc:
- nd_print_trunc(ndo);
- ndo->ndo_ll_hdr_len += l2info.header_len;
 } #endif
@@ -664,6 +653,7 @@ juniper_services_if_print(netdissect_options *ndo,
 const struct juniper_services_header *sh; ndo->ndo_protocol = "juniper_services";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_SERVICES; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -685,11 +675,6 @@ juniper_services_if_print(netdissect_options *ndo,
 ip_heuristic_guess (ndo, p, l2info.length); ndo->ndo_ll_hdr_len += l2info.header_len;
- return;
-
-trunc:
- nd_print_trunc(ndo);
- ndo->ndo_ll_hdr_len += l2info.header_len;
 } #endif
@@ -701,6 +686,7 @@ juniper_pppoe_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_pppoe";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_PPPOE; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -722,6 +708,7 @@ juniper_ether_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_ether";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_ETHER; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -744,6 +731,7 @@ juniper_ppp_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_ppp";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_PPP; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -765,6 +753,7 @@ juniper_frelay_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_frelay";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_FRELAY; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -786,6 +775,7 @@ juniper_chdlc_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_chdlc";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_CHDLC; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -808,6 +798,7 @@ juniper_pppoe_atm_if_print(netdissect_options *ndo,
 uint16_t extracted_ethertype; ndo->ndo_protocol = "juniper_pppoe_atm";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_PPPOE_ATM; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -839,6 +830,7 @@ juniper_mlppp_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_mlppp";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_MLPPP; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -957,6 +949,8 @@ juniper_mfr_if_print(netdissect_options *ndo,
 ND_PRINT("Bundle-ID %u, ", l2info.bundle); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS):
+ /* At least one byte is required */
+ ND_TCHECK_1(p);
 isoclns_print(ndo, p + 1, l2info.length - 1); break; case (LLC_UI<<8 | NLPID_Q933):
@@ -981,6 +975,7 @@ juniper_mlfr_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_mlfr";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_MLFR; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
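Review bot: In the `LLCSAP_ISONS` case of `juniper_mfr_if_print`, the added `ND_TCHECK_1(p)` only proves that one captured byte is present; it does not constrain `l2info.length`. The `l2info.length - 1` passed to `isoclns_print()` can therefore still wrap to a huge value when the length is 0, assuming the field is unsigned (its declaration is outside the diff). A guard on the length itself before the call, for example `if (l2info.length < 1) { nd_print_invalid(ndo); break; }`, would close that case. The same `isoclns_print(ndo, p + 1, l2info.length - 1)` pattern appears in the `juniper_atm1_if_print` and `juniper_atm2_if_print` hunks. The switch continues outside this hunk.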
@@ -1030,6 +1025,7 @@ juniper_atm1_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_atm1";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_ATM1; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1055,6 +1051,8 @@ juniper_atm1_if_print(netdissect_options *ndo,
 } if (GET_U_1(p) == 0x03) { /* Cisco style NLPID encaps ? */
+ /* At least one byte is required */
+ ND_TCHECK_1(p);
 isoclns_print(ndo, p + 1, l2info.length - 1); /* FIXME check if frame was recognized */ ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1088,6 +1086,7 @@ juniper_atm2_if_print(netdissect_options *ndo,
 struct juniper_l2info_t l2info; ndo->ndo_protocol = "juniper_atm2";
+ memset(&l2info, 0, sizeof(l2info));
 l2info.pictype = DLT_JUNIPER_ATM2; if (juniper_parse_header(ndo, p, h, &l2info) == 0) { ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1121,6 +1120,8 @@ juniper_atm2_if_print(netdissect_options *ndo,
 } if (GET_U_1(p) == 0x03) { /* Cisco style NLPID encaps ? */
+ /* At least one byte is required */
+ ND_TCHECK_1(p);
 isoclns_print(ndo, p + 1, l2info.length - 1); /* FIXME check if frame was recognized */ ndo->ndo_ll_hdr_len += l2info.header_len;
@@ -1267,7 +1268,7 @@ juniper_parse_header(netdissect_options *ndo,
 const u_char *p, const struct pcap_pkthdr *h, struct juniper_l2info_t *l2info) { const struct juniper_cookie_table_t *lp = juniper_cookie_table;
- u_int idx, jnx_ext_len, jnx_header_len = 0;
+ u_int idx, extension_length, jnx_header_len = 0;
 uint8_t tlv_type,tlv_len; #ifdef DLT_JUNIPER_ATM2 uint32_t control_word;
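Review bot: The `ND_TCHECK_1(p)` added in `juniper_atm1_if_print` sits directly after `if (GET_U_1(p) == 0x03)`, and `GET_U_1()` has already bounds-checked that same byte, so the new check can never fire here. The comment `/* At least one byte is required */` also reads as if it guards the `p + 1` / `l2info.length - 1` arguments, which it does not. I would drop the two added lines, or at least reword the comment to `/* GET_U_1(p) above already guarantees one captured byte */`. The identical pair of lines in the `juniper_atm2_if_print` hunk has the same issue; both function bodies continue outside their hunks.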
@@ -1307,20 +1308,20 @@ juniper_parse_header(netdissect_options *ndo,
 tptr = p+jnx_header_len; /* ok to read extension length ? */
- jnx_ext_len = GET_BE_U_2(tptr);
+ extension_length = GET_BE_U_2(tptr);
 jnx_header_len += 2; tptr +=2; /* nail up the total length - * just in case something goes wrong * with TLV parsing */
- jnx_header_len += jnx_ext_len;
+ jnx_header_len += extension_length;
 if (ndo->ndo_vflag > 1)
- ND_PRINT(", PCAP Extension(s) total length %u", jnx_ext_len);
+ ND_PRINT(", PCAP Extension(s) total length %u", extension_length);
- ND_TCHECK_LEN(tptr, jnx_ext_len);
- while (jnx_ext_len > JUNIPER_EXT_TLV_OVERHEAD) {
+ ND_TCHECK_LEN(tptr, extension_length);
+ while (extension_length > JUNIPER_EXT_TLV_OVERHEAD) {
 tlv_type = GET_U_1(tptr); tptr++; tlv_len = GET_U_1(tptr);
@@ -1330,8 +1331,8 @@ juniper_parse_header(netdissect_options *ndo,
 /* sanity checks */ if (tlv_type == 0 || tlv_len == 0) break;
- if (tlv_len+JUNIPER_EXT_TLV_OVERHEAD > jnx_ext_len)
- goto trunc;
+ ND_ICHECK_U(extension_length, <,
+ tlv_len + JUNIPER_EXT_TLV_OVERHEAD);
 if (ndo->ndo_vflag > 1) ND_PRINT("\n\t %s Extension TLV #%u, length %u, value ",
@@ -1374,7 +1375,7 @@ juniper_parse_header(netdissect_options *ndo,
 } tptr+=tlv_len;
- jnx_ext_len -= tlv_len+JUNIPER_EXT_TLV_OVERHEAD;
+ extension_length -= tlv_len+JUNIPER_EXT_TLV_OVERHEAD;
 } if (ndo->ndo_vflag > 1)
@@ -1588,8 +1589,8 @@ juniper_parse_header(netdissect_options *ndo,
 ND_PRINT("hlen %u, proto 0x%04x, ", l2info->header_len, l2info->proto); return 1; /* everything went ok so far. continue parsing */
-trunc:
- nd_print_trunc(ndo);
+invalid:
+ nd_print_invalid(ndo);
 return 0; } #endif /* defined(DLT_JUNIPER_GGSN) || defined(DLT_JUNIPER_ES) || \
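Review bot: `ND_ICHECK_U(extension_length, <, tlv_len + JUNIPER_EXT_TLV_OVERHEAD)` in the TLV loop of `juniper_parse_header` is the only thing that keeps `extension_length -= tlv_len+JUNIPER_EXT_TLV_OVERHEAD` (two hunks down) from wrapping the `u_int`, and nothing at the check says so. Since `tlv_len` comes straight from packet data, that dependency is worth stating so the check is not relaxed or moved later. I would add `/* the TLV must fit in what is left of the extension area, or the subtraction at the end of the loop would wrap */` above it. The loop body between this check and the subtraction is outside the hunks shown.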