X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/e5e64498bb8fd83919d4e7f854224a1e459e4ab0..69cb46af9119e8b5554bcc4bf1bf36f39cb82131:/print-cdp.c diff --git a/print-cdp.c b/print-cdp.c index a2c3caba..c28bd882 100644 --- a/print-cdp.c +++ b/print-cdp.c @@ -24,7 +24,6 @@ * http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm */ -#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" #endif @@ -40,8 +39,14 @@ static const char tstr[] = "[|cdp]"; -#define CDP_HEADER_LEN 4 -#define CDP_HEADER_OFFSET 2 +#define CDP_HEADER_LEN 4 +#define CDP_HEADER_VERSION_OFFSET 0 +#define CDP_HEADER_TTL_OFFSET 1 +#define CDP_HEADER_CHECKSUM_OFFSET 2 + +#define CDP_TLV_HEADER_LEN 4 +#define CDP_TLV_TYPE_OFFSET 0 +#define CDP_TLV_LEN_OFFSET 2 static const struct tok cdp_tlv_values[] = { { 0x01, "Device-ID"}, @@ -98,16 +103,17 @@ cdp_print(netdissect_options *ndo, tptr = pptr; /* temporary pointer */ ND_TCHECK2(*tptr, CDP_HEADER_LEN); - ND_PRINT((ndo, "CDPv%u, ttl: %us", *tptr, *(tptr + 1))); + ND_PRINT((ndo, "CDPv%u, ttl: %us", *(tptr + CDP_HEADER_VERSION_OFFSET), + *(tptr + CDP_HEADER_TTL_OFFSET))); if (ndo->ndo_vflag) - ND_PRINT((ndo, ", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET), length)); + ND_PRINT((ndo, ", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_CHECKSUM_OFFSET), length)); tptr += CDP_HEADER_LEN; while (tptr < (pptr+length)) { - ND_TCHECK2(*tptr, CDP_HEADER_LEN); /* read out Type and Length */ - type = EXTRACT_16BITS(tptr); - len = EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET); /* object length includes the 4 bytes header length */ - if (len < CDP_HEADER_LEN) { + ND_TCHECK2(*tptr, CDP_TLV_HEADER_LEN); /* read out Type and Length */ + type = EXTRACT_16BITS(tptr+CDP_TLV_TYPE_OFFSET); + len = EXTRACT_16BITS(tptr+CDP_TLV_LEN_OFFSET); /* object length includes the 4 bytes header length */ + if (len < CDP_TLV_HEADER_LEN) { if (ndo->ndo_vflag) ND_PRINT((ndo, "\n\t%s (0x%02x), TLV length: %u byte%s (too short)", tok2str(cdp_tlv_values,"unknown field type", type), @@ -120,8 +126,8 @@ cdp_print(netdissect_options *ndo, len)); break; } - tptr += CDP_HEADER_LEN; - len -= CDP_HEADER_LEN; + tptr += CDP_TLV_HEADER_LEN; + len -= CDP_TLV_HEADER_LEN; ND_TCHECK2(*tptr, len); @@ -140,7 +146,7 @@ cdp_print(netdissect_options *ndo, if (!ndo->ndo_vflag) ND_PRINT((ndo, ", Device-ID ")); ND_PRINT((ndo, "'")); - fn_printn(ndo, tptr, len, NULL); + (void)fn_printn(ndo, tptr, len, NULL); ND_PRINT((ndo, "'")); break; case 0x02: /* Address */ @@ -149,10 +155,12 @@ cdp_print(netdissect_options *ndo, break; case 0x03: /* Port-ID */ ND_PRINT((ndo, "'")); - fn_printn(ndo, tptr, len, NULL); + (void)fn_printn(ndo, tptr, len, NULL); ND_PRINT((ndo, "'")); break; case 0x04: /* Capabilities */ + if (len < 4) + goto trunc; ND_PRINT((ndo, "(0x%08x): %s", EXTRACT_32BITS(tptr), bittok2str(cdp_capability_values, "none", EXTRACT_32BITS(tptr)))); @@ -162,13 +170,13 @@ cdp_print(netdissect_options *ndo, for (i=0;i 1) { ND_PRINT((ndo, "/")); - fn_printn(ndo, tptr + 1, len - 1, NULL); + (void)fn_printn(ndo, tptr + 1, len - 1, NULL); } break; default: @@ -261,7 +283,9 @@ cdp_print_addr(netdissect_options *ndo, }; #endif - ND_TCHECK2(*p, 2); + ND_TCHECK2(*p, 4); + if (p + 4 > endp) + goto trunc; num = EXTRACT_32BITS(p); p += 4;