RT6: Add a bounds check for the PadN TLV in Segment Routing Header
authorFrancois-Xavier Le Bail <[email protected]>
Fri, 15 Nov 2024 12:54:35 +0000 (13:54 +0100)
committerfxlb <[email protected]>
Fri, 15 Nov 2024 19:28:46 +0000 (19:28 +0000)
Define ND_LONGJMP_FROM_TCHECK.

Add a test file.

print-rt6.c
tests/TESTLIST
tests/ipv6-srh-tlv-pad1-padn-5-trunc.out [new file with mode: 0644]
tests/ipv6-srh-tlv-pad1-padn-5-trunc.pcap [new file with mode: 0644]

index 41a14e2e53311f999523a7934044721bffc4bdc2..edbcd96d5997746bccf287a430df7a1d9782a1d8 100644 (file)
@@ -25,6 +25,7 @@
 
 #include "netdissect-stdinc.h"
 
+#define ND_LONGJMP_FROM_TCHECK
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
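Review bot: Defining `ND_LONGJMP_FROM_TCHECK` ahead of `netdissect.h` changes every `ND_TCHECK_*()` use in print-rt6.c, not only the one this commit adds, from `goto trunc` to a longjmp out of the printer. The rest of the file is outside this hunk, so it is worth confirming that no `trunc:` label is left unused and that no function holds an allocation or other state across a check, since a longjmp would skip its cleanup. A one-line comment would also record the ordering constraint, for example `/* must precede netdissect.h: ND_TCHECK_*() longjmp instead of goto trunc */`.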
@@ -65,6 +66,7 @@ srh_tlv_print(netdissect_options *ndo, const u_char *p, u_int bytes_left)
                case IPV6_SRH_TLV_PADN:
                        ND_ICHECKMSG_U("PadN length", tlv_len, >, 5); /* RFC 8754 */
                        ND_ICHECKMSG_U("remaining length", bytes_left, <, tlv_len);
+                       ND_TCHECK_LEN(p, tlv_len);
                        p += tlv_len;
                        bytes_left -= tlv_len;
                        break;
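Review bot: The added `ND_TCHECK_LEN(p, tlv_len)` in the PadN case sits next to the `bytes_left` check without a comment, and the two guard different things: `bytes_left` appears to track the length the header declares, while `ND_TCHECK_LEN` tests the bytes actually captured. Because the padding is skipped rather than read, nothing else in this case would notice a capture that ends inside it, so a comment such as `/* padding is skipped, not read: confirm it was captured so truncation is reported */` would keep the check from being removed as redundant. The switch in `srh_tlv_print` starts and ends outside this hunk; any other case that advances `p` by a packet-supplied length without reading the bytes deserves the same check.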
index 9117344ad5a6ee3bc6514a65e7993764527ed5fb..2720b632e3ca1d2b1e9c223f3182ded156cfc4c0 100644 (file)
@@ -392,6 +392,7 @@ ipv6-srh-tlv-hmac ipv6-srh-tlv-hmac.pcap ipv6-srh-tlv-hmac.out
 ipv6-srh-tlv-hmac-v ipv6-srh-tlv-hmac.pcap ipv6-srh-tlv-hmac-v.out -v
 ipv6-srh-tlv-pad1-padn-5 ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5.out
 ipv6-srh-tlv-pad1-padn-5-v ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5-v.out -v
+ipv6-srh-tlv-pad1-padn-5-trunc ipv6-srh-tlv-pad1-padn-5-trunc.pcap ipv6-srh-tlv-pad1-padn-5-trunc.out
 ipv6_invalid_length ipv6_invalid_length.pcap ipv6_invalid_length.out
 ipv6_invalid_length_2 ipv6_invalid_length_2.pcap ipv6_invalid_length_2.out -v
 ipv6_jumbogram_invalid_length ipv6_jumbogram_invalid_length.pcap ipv6_jumbogram_invalid_length.out -v
diff --git a/tests/ipv6-srh-tlv-pad1-padn-5-trunc.out b/tests/ipv6-srh-tlv-pad1-padn-5-trunc.out
new file mode 100644 (file)
index 0000000..ff8069c
--- /dev/null
@@ -0,0 +1 @@
+    1  2022-11-11 17:47:55.4294964993 IP6 2001:db8:1::1 > cafe:1::2: RT6 (len=3, type=4, segleft=0, last-entry=0, tag=0, [0]cafe:1::2, TLV-type=Pad1(0), TLV-type=PadN(4), TLV-len=5 [|rt6]
diff --git a/tests/ipv6-srh-tlv-pad1-padn-5-trunc.pcap b/tests/ipv6-srh-tlv-pad1-padn-5-trunc.pcap
new file mode 100644 (file)
index 0000000..504c2c4
Binary files /dev/null and b/tests/ipv6-srh-tlv-pad1-padn-5-trunc.pcap differ