X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/db752b7f79065d0d90bec13694af6c2c6e32c5d3..refs/pull/926/head:/print-rpki-rtr.c diff --git a/print-rpki-rtr.c b/print-rpki-rtr.c index 569bc4ea..780845f2 100644 --- a/print-rpki-rtr.c +++ b/print-rpki-rtr.c @@ -12,23 +12,25 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * support for the The RPKI/Router Protocol as RFC6810 - * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ +/* \summary: Resource Public Key Infrastructure (RPKI) to Router Protocol printer */ + +/* specification: RFC 6810 */ + #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include - -#include +#include "netdissect-stdinc.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "extract.h" #include "addrtoname.h" + /* * RPKI/Router PDU header * @@ -36,27 +38,26 @@ * The length does include the version and length fields. */ typedef struct rpki_rtr_pdu_ { - u_char version; /* Version number */ - u_char pdu_type; /* PDU type */ + nd_uint8_t version; /* Version number */ + nd_uint8_t pdu_type; /* PDU type */ union { - u_char session_id[2]; /* Session id */ - u_char error_code[2]; /* Error code */ + nd_uint16_t session_id; /* Session id */ + nd_uint16_t error_code; /* Error code */ } u; - u_char length[4]; + nd_uint32_t length; } rpki_rtr_pdu; -#define RPKI_RTR_PDU_OVERHEAD (offsetof(rpki_rtr_pdu, rpki_rtr_pdu_msg)) /* * IPv4 Prefix PDU. */ typedef struct rpki_rtr_pdu_ipv4_prefix_ { rpki_rtr_pdu pdu_header; - u_char flags; - u_char prefix_length; - u_char max_length; - u_char zero; - u_char prefix[4]; - u_char as[4]; + nd_uint8_t flags; + nd_uint8_t prefix_length; + nd_uint8_t max_length; + nd_uint8_t zero; + nd_ipv4 prefix; + nd_uint32_t as; } rpki_rtr_pdu_ipv4_prefix; /* @@ -64,12 +65,12 @@ typedef struct rpki_rtr_pdu_ipv4_prefix_ { */ typedef struct rpki_rtr_pdu_ipv6_prefix_ { rpki_rtr_pdu pdu_header; - u_char flags; - u_char prefix_length; - u_char max_length; - u_char zero; - u_char prefix[16]; - u_char as[4]; + nd_uint8_t flags; + nd_uint8_t prefix_length; + nd_uint8_t max_length; + nd_uint8_t zero; + nd_ipv6 prefix; + nd_uint32_t as; } rpki_rtr_pdu_ipv6_prefix; /* @@ -77,7 +78,10 @@ typedef struct rpki_rtr_pdu_ipv6_prefix_ { */ typedef struct rpki_rtr_pdu_error_report_ { rpki_rtr_pdu pdu_header; - u_char encapsulated_pdu_length[4]; /* Encapsulated PDU length */ + nd_uint32_t encapsulated_pdu_length; /* Encapsulated PDU length */ + /* Copy of Erroneous PDU (variable, optional) */ + /* Length of Error Text (4 octets in network byte order) */ + /* Arbitrary Text of Error Diagnostic Message (variable, optional) */ } rpki_rtr_pdu_error_report; /* @@ -120,7 +124,6 @@ static const struct tok rpki_rtr_error_codes[] = { /* * Build a indentation string for a given indentation level. - * XXX this should be really in util.c */ static char * indent_string (u_int indent) @@ -167,24 +170,46 @@ indent_string (u_int indent) /* * Print a single PDU. */ -static void -rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) +static u_int +rpki_rtr_pdu_print(netdissect_options *ndo, const u_char *tptr, const u_int len, + const u_char recurse, const u_int indent) { const rpki_rtr_pdu *pdu_header; u_int pdu_type, pdu_len, hexdump; const u_char *msg; + uint8_t pdu_ver; + if (len < sizeof(rpki_rtr_pdu)) { + ND_PRINT("(%u bytes is too few to decode)", len); + goto invalid; + } pdu_header = (const rpki_rtr_pdu *)tptr; - pdu_type = pdu_header->pdu_type; - pdu_len = EXTRACT_32BITS(pdu_header->length); - ND_TCHECK2(*tptr, pdu_len); + pdu_ver = GET_U_1(pdu_header->version); + if (pdu_ver != 0) { + /* Skip the rest of the input buffer because even if this is + * a well-formed PDU of a future RPKI-Router protocol version + * followed by a well-formed PDU of RPKI-Router protocol + * version 0, there is no way to know exactly how to skip the + * current PDU. + */ + ND_PRINT("%sRPKI-RTRv%u (unknown)", indent_string(8), pdu_ver); + return len; + } + pdu_type = GET_U_1(pdu_header->pdu_type); + pdu_len = GET_BE_U_4(pdu_header->length); + /* Do not check bounds with pdu_len yet, do it in the case blocks + * below to make it possible to decode at least the beginning of + * a truncated Error Report PDU or a truncated encapsulated PDU. + */ hexdump = FALSE; - ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u", + ND_PRINT("%sRPKI-RTRv%u, %s PDU (%u), length: %u", indent_string(8), - pdu_header->version, + pdu_ver, tok2str(rpki_rtr_pdu_values, "Unknown", pdu_type), - pdu_type, pdu_len)); + pdu_type, pdu_len); + if (pdu_len < sizeof(rpki_rtr_pdu) || pdu_len > len) + goto invalid; switch (pdu_type) { @@ -194,11 +219,13 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) case RPKI_RTR_SERIAL_NOTIFY_PDU: case RPKI_RTR_SERIAL_QUERY_PDU: case RPKI_RTR_END_OF_DATA_PDU: + if (pdu_len != sizeof(rpki_rtr_pdu) + 4) + goto invalid; msg = (const u_char *)(pdu_header + 1); - ND_PRINT((ndo, "%sSession ID: 0x%04x, Serial: %u", + ND_PRINT("%sSession ID: 0x%04x, Serial: %u", indent_string(indent+2), - EXTRACT_16BITS(pdu_header->u.session_id), - EXTRACT_32BITS(msg))); + GET_BE_U_2(pdu_header->u.session_id), + GET_BE_U_4(msg)); break; /* @@ -206,6 +233,9 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) */ case RPKI_RTR_RESET_QUERY_PDU: case RPKI_RTR_CACHE_RESET_PDU: + if (pdu_len != sizeof(rpki_rtr_pdu)) + goto invalid; + /* no additional boundary to check */ /* * Zero payload PDUs. @@ -213,21 +243,26 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) break; case RPKI_RTR_CACHE_RESPONSE_PDU: - ND_PRINT((ndo, "%sSession ID: 0x%04x", + if (pdu_len != sizeof(rpki_rtr_pdu)) + goto invalid; + /* no additional boundary to check */ + ND_PRINT("%sSession ID: 0x%04x", indent_string(indent+2), - EXTRACT_16BITS(pdu_header->u.session_id))); + GET_BE_U_2(pdu_header->u.session_id)); break; case RPKI_RTR_IPV4_PREFIX_PDU: { const rpki_rtr_pdu_ipv4_prefix *pdu; + if (pdu_len != sizeof(rpki_rtr_pdu_ipv4_prefix)) + goto invalid; pdu = (const rpki_rtr_pdu_ipv4_prefix *)tptr; - ND_PRINT((ndo, "%sIPv4 Prefix %s/%u-%u, origin-as %u, flags 0x%02x", + ND_PRINT("%sIPv4 Prefix %s/%u-%u, origin-as %u, flags 0x%02x", indent_string(indent+2), - ipaddr_string(ndo, pdu->prefix), - pdu->prefix_length, pdu->max_length, - EXTRACT_32BITS(pdu->as), pdu->flags)); + GET_IPADDR_STRING(pdu->prefix), + GET_U_1(pdu->prefix_length), GET_U_1(pdu->max_length), + GET_BE_U_4(pdu->as), GET_U_1(pdu->flags)); } break; @@ -235,12 +270,14 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) { const rpki_rtr_pdu_ipv6_prefix *pdu; + if (pdu_len != sizeof(rpki_rtr_pdu_ipv6_prefix)) + goto invalid; pdu = (const rpki_rtr_pdu_ipv6_prefix *)tptr; - ND_PRINT((ndo, "%sIPv6 Prefix %s/%u-%u, origin-as %u, flags 0x%02x", + ND_PRINT("%sIPv6 Prefix %s/%u-%u, origin-as %u, flags 0x%02x", indent_string(indent+2), - ip6addr_string(ndo, pdu->prefix), - pdu->prefix_length, pdu->max_length, - EXTRACT_32BITS(pdu->as), pdu->flags)); + GET_IP6ADDR_STRING(pdu->prefix), + GET_U_1(pdu->prefix_length), GET_U_1(pdu->max_length), + GET_BE_U_4(pdu->as), GET_U_1(pdu->flags)); } break; @@ -249,51 +286,71 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) const rpki_rtr_pdu_error_report *pdu; u_int encapsulated_pdu_length, text_length, tlen, error_code; + tlen = sizeof(rpki_rtr_pdu); + /* Do not test for the "Length of Error Text" data element yet. */ + if (pdu_len < tlen + 4) + goto invalid; pdu = (const rpki_rtr_pdu_error_report *)tptr; - encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length); - ND_TCHECK2(*tptr, encapsulated_pdu_length); - tlen = pdu_len; + encapsulated_pdu_length = GET_BE_U_4(pdu->encapsulated_pdu_length); + tlen += 4; + /* Safe up to and including the "Length of Encapsulated PDU" + * data element, more data elements may be present. + */ - error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code); - ND_PRINT((ndo, "%sError code: %s (%u), Encapsulated PDU length: %u", + error_code = GET_BE_U_2(pdu->pdu_header.u.error_code); + ND_PRINT("%sError code: %s (%u), Encapsulated PDU length: %u", indent_string(indent+2), tok2str(rpki_rtr_error_codes, "Unknown", error_code), - error_code, encapsulated_pdu_length)); - - tptr += sizeof(*pdu); - tlen -= sizeof(*pdu); - - /* - * Recurse if there is an encapsulated PDU. - */ - if (encapsulated_pdu_length && - (encapsulated_pdu_length <= tlen)) { - ND_PRINT((ndo, "%s-----encapsulated PDU-----", indent_string(indent+4))); - rpki_rtr_pdu_print(ndo, tptr, indent+2); + error_code, encapsulated_pdu_length); + + if (encapsulated_pdu_length) { + /* Section 5.10 of RFC 6810 says: + * "An Error Report PDU MUST NOT be sent for an Error Report PDU." + * + * However, as far as the protocol encoding goes Error Report PDUs can + * happen to be nested in each other, however many times, in which case + * the decoder should still print such semantically incorrect PDUs. + * + * That said, "the Erroneous PDU field MAY be truncated" (ibid), thus + * to keep things simple this implementation decodes only the two + * outermost layers of PDUs and makes bounds checks in the outer and + * the inner PDU independently. + */ + if (pdu_len < tlen + encapsulated_pdu_length) + goto invalid; + if (! recurse) { + ND_TCHECK_LEN(tptr, tlen + encapsulated_pdu_length); + } + else { + ND_PRINT("%s-----encapsulated PDU-----", indent_string(indent+4)); + rpki_rtr_pdu_print(ndo, tptr + tlen, + encapsulated_pdu_length, 0, indent + 2); + } + tlen += encapsulated_pdu_length; } - tptr += encapsulated_pdu_length; - tlen -= encapsulated_pdu_length; - + if (pdu_len < tlen + 4) + goto invalid; /* * Extract, trail-zero and print the Error message. */ - text_length = 0; - if (tlen > 4) { - text_length = EXTRACT_32BITS(tptr); - tptr += 4; - tlen -= 4; - } - ND_TCHECK2(*tptr, text_length); - if (text_length && (text_length <= tlen )) { - ND_PRINT((ndo, "%sError text: ", indent_string(indent+2))); - if (fn_printn(ndo, tptr, text_length, ndo->ndo_snapend)) - goto trunc; + text_length = GET_BE_U_4(tptr + tlen); + tlen += 4; + /* Safe up to and including the "Length of Error Text" data element, + * one more data element may be present. + */ + + if (text_length) { + if (pdu_len < tlen + text_length) + goto invalid; + ND_PRINT("%sError text: ", indent_string(indent+2)); + nd_printjn(ndo, tptr + tlen, text_length); } } break; default: + ND_TCHECK_LEN(tptr, pdu_len); /* * Unknown data, please hexdump. @@ -305,62 +362,25 @@ rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) if (ndo->ndo_vflag > 1 || (ndo->ndo_vflag && hexdump)) { print_unknown_data(ndo,tptr,"\n\t ", pdu_len); } - return; + return pdu_len; - trunc: - ND_PRINT((ndo, "|trunc")); - return; +invalid: + nd_print_invalid(ndo); + ND_TCHECK_LEN(tptr, len); + return len; } void -rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) +rpki_rtr_print(netdissect_options *ndo, const u_char *pptr, u_int len) { - u_int tlen, pdu_type, pdu_len; - const u_char *tptr; - const rpki_rtr_pdu *pdu_header; - - tptr = pptr; - tlen = len; - + ndo->ndo_protocol = "rpki_rtr"; if (!ndo->ndo_vflag) { - ND_PRINT((ndo, ", RPKI-RTR")); + ND_PRINT(", RPKI-RTR"); return; } - - while (tlen >= sizeof(rpki_rtr_pdu)) { - - ND_TCHECK2(*tptr, sizeof(rpki_rtr_pdu)); - - pdu_header = (const rpki_rtr_pdu *)tptr; - pdu_type = pdu_header->pdu_type; - pdu_len = EXTRACT_32BITS(pdu_header->length); - ND_TCHECK2(*tptr, pdu_len); - - /* infinite loop check */ - if (!pdu_type || !pdu_len) { - break; - } - - if (tlen < pdu_len) { - goto trunc; - } - - /* - * Print the PDU. - */ - rpki_rtr_pdu_print(ndo, tptr, 8); - - tlen -= pdu_len; - tptr += pdu_len; + while (len) { + u_int pdu_len = rpki_rtr_pdu_print(ndo, pptr, len, 1, 8); + len -= pdu_len; + pptr += pdu_len; } - return; - trunc: - ND_PRINT((ndo, "\n\t[|RPKI-RTR]")); } - -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 4 - * End: - */