#include <config.h>
+#define ND_LONGJMP_FROM_TCHECK
#include "netdissect-stdinc.h"
#include "netdissect.h"
if (len > 1500 || len < 3 || type == 0 || type > MSDP_TYPE_MAX)
goto trunc; /* not really truncated, but still not decodable */
while (length != 0) {
+ unsigned int entry_count;
+
+ if (length < 3)
+ goto trunc;
type = GET_U_1(sp);
len = GET_BE_U_2(sp + 1);
if (len > 1400 || ndo->ndo_vflag)
goto trunc;
if (length < len)
goto trunc;
- sp += 3;
- length -= 3;
switch (type) {
case 1: /* IPv4 Source-Active */
case 3: /* IPv4 Source-Active Response */
ND_PRINT(" SA");
else
ND_PRINT(" SA-Response");
- ND_PRINT(" %u entries", GET_U_1(sp));
- if ((u_int)((GET_U_1(sp) * 12) + 8) < len) {
+
+ /* Entry Count */
+ if (len < 4)
+ goto trunc;
+ entry_count = GET_U_1(sp + 3);
+ ND_PRINT(" %u entries", entry_count);
+
+ /* RP Address */
+ if (len < 8)
+ goto trunc;
+ /* XXX -print this based on ndo_vflag? */
+ ND_TCHECK_LEN(sp + 4, 4);
+
+ /* Entries */
+ ND_TCHECK_LEN(sp + 8, entry_count*12);
+
+ if (len > (8 + entry_count*12)) {
+ /* Encapsulated IP packet */
ND_PRINT(" [w/data]");
if (ndo->ndo_vflag > 1) {
ND_PRINT(" ");
- ip_print(ndo, sp +
- GET_U_1(sp) * 12 + 8 - 3,
- len - (GET_U_1(sp) * 12 + 8));
+ ip_print(ndo, sp + (8 + entry_count*12),
+ len - (8 + entry_count*12));
}
}
break;
case 2:
+ /* draft-ietf-msdp-spec-13 */
ND_PRINT(" SA-Request");
- ND_PRINT(" for %s", GET_IPADDR_STRING(sp + 1));
+
+ /* Reserved */
+ if (len < 4)
+ goto trunc;
+ ND_TCHECK_1(sp + 3);
+
+ /* Group Address */
+ if (len < 8)
+ goto trunc;
+ if (len != 8)
+ ND_PRINT("[len=%u] ", len);
+ ND_PRINT(" for %s", GET_IPADDR_STRING(sp + 4));
break;
case 4:
ND_PRINT(" Keepalive");
ND_PRINT(" [type=%u len=%u]", type, len);
break;
}
- sp += (len - 3);
- length -= (len - 3);
+ ND_TCHECK_LEN(sp, len);
+ sp += len;
+ length -= len;
}
return;
trunc:
projects / tcpdump / commitdiff
