Check, and use, the supplied packet length in the PPPoE dissector. (It
reflects the actual packet length; snapend reflects the captured packet
length.)
As we're now doing bounds checks with TCHECK, the loop over the tagged
fields doesn't have to check against snapend.
#ifndef lint
static const char rcsid[] _U_ =
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.142 2004-07-16 14:05:59 hannes Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-ip.c,v 1.143 2004-08-27 03:57:40 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#endif
#ifdef HAVE_CONFIG_H
return;
}
if (length < sizeof (struct ip)) {
return;
}
if (length < sizeof (struct ip)) {
- (void)printf("truncated-ip %d", length);
+ (void)printf("truncated-ip %u", length);
return;
}
hlen = IP_HL(ip) * 4;
return;
}
hlen = IP_HL(ip) * 4;
#ifndef lint
static const char rcsid[] _U_ =
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-ip6.c,v 1.44 2004-07-16 14:06:00 hannes Exp $";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-ip6.c,v 1.45 2004-08-27 03:57:41 guy Exp $";
#endif
#ifdef HAVE_CONFIG_H
#endif
#ifdef HAVE_CONFIG_H
TCHECK(*ip6);
if (length < sizeof (struct ip6_hdr)) {
TCHECK(*ip6);
if (length < sizeof (struct ip6_hdr)) {
- (void)printf("truncated-ip6 %d", length);
+ (void)printf("truncated-ip6 %u", length);
payload_len = EXTRACT_16BITS(&ip6->ip6_plen);
len = payload_len + sizeof(struct ip6_hdr);
if (length < len)
payload_len = EXTRACT_16BITS(&ip6->ip6_plen);
len = payload_len + sizeof(struct ip6_hdr);
if (length < len)
- (void)printf("truncated-ip6 - %d bytes missing!",
+ (void)printf("truncated-ip6 - %u bytes missing!",
len - length);
if (vflag) {
len - length);
if (vflag) {
#ifndef lint
static const char rcsid[] _U_ =
#ifndef lint
static const char rcsid[] _U_ =
-"@(#) $Header: /tcpdump/master/tcpdump/print-pppoe.c,v 1.29 2004-08-27 03:28:58 guy Exp $ (LBL)";
+"@(#) $Header: /tcpdump/master/tcpdump/print-pppoe.c,v 1.30 2004-08-27 03:57:41 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#endif
#ifdef HAVE_CONFIG_H
u_int
pppoe_print(register const u_char *bp, u_int length)
{
u_int
pppoe_print(register const u_char *bp, u_int length)
{
- u_short pppoe_ver, pppoe_type, pppoe_code, pppoe_sessionid, pppoe_length;
+ u_int16_t pppoe_ver, pppoe_type, pppoe_code, pppoe_sessionid;
+ u_int pppoe_length;
const u_char *pppoe_packet, *pppoe_payload;
const u_char *pppoe_packet, *pppoe_payload;
+ if (length < PPPOE_HDRLEN) {
+ (void)printf("truncated-pppoe %u", length);
+ return (length);
+ }
+ length -= PPPOE_HDRLEN;
pppoe_packet = bp;
TCHECK2(*pppoe_packet, PPPOE_HDRLEN);
pppoe_ver = (pppoe_packet[0] & 0xF0) >> 4;
pppoe_packet = bp;
TCHECK2(*pppoe_packet, PPPOE_HDRLEN);
pppoe_ver = (pppoe_packet[0] & 0xF0) >> 4;
pppoe_length = EXTRACT_16BITS(pppoe_packet + 4);
pppoe_payload = pppoe_packet + PPPOE_HDRLEN;
pppoe_length = EXTRACT_16BITS(pppoe_packet + 4);
pppoe_payload = pppoe_packet + PPPOE_HDRLEN;
- if (snapend < pppoe_payload) {
- printf(" truncated PPPoE");
- return (PPPOE_HDRLEN);
- }
-
if (pppoe_ver != 1) {
printf(" [ver %d]",pppoe_ver);
}
if (pppoe_ver != 1) {
printf(" [ver %d]",pppoe_ver);
}
printf("PPPoE %s", tok2str(pppoecode2str, "PAD-%x", pppoe_code));
if (pppoe_code == PPPOE_PADI && pppoe_length > 1484 - PPPOE_HDRLEN) {
printf("PPPoE %s", tok2str(pppoecode2str, "PAD-%x", pppoe_code));
if (pppoe_code == PPPOE_PADI && pppoe_length > 1484 - PPPOE_HDRLEN) {
- printf(" [len %d!]",pppoe_length);
+ printf(" [len %u!]",pppoe_length);
+ }
+ if (pppoe_length > length) {
+ printf(" [len %u > %u!]", pppoe_length, length);
+ pppoe_length = length;
}
if (pppoe_sessionid) {
printf(" [ses 0x%x]", pppoe_sessionid);
}
}
if (pppoe_sessionid) {
printf(" [ses 0x%x]", pppoe_sessionid);
}
- if (pppoe_payload + pppoe_length < snapend && snapend-pppoe_payload+14 > 64) {
+ if (pppoe_length < length && length + ETHER_HDRLEN > 60) {
/* (small packets are probably just padded up to the ethernet
/* (small packets are probably just padded up to the ethernet
- minimum of 64 bytes) */
- printf(" [length %d (%d extra bytes)]",
- pppoe_length, snapend - pppoe_payload - pppoe_length);
+ minimum of 60 bytes of data + 4 bytes of CRC) */
+ printf(" [length %u (%u extra bytes)]",
+ pppoe_length, length - pppoe_length);
#if RESPECT_PAYLOAD_LENGTH
#if RESPECT_PAYLOAD_LENGTH
- snapend = pppoe_payload+pppoe_length;
+ if (snaplend > pppoe_payload+pppoe_length)
+ snapend = pppoe_payload+pppoe_length;
#else
/* Actual PPPoE implementations appear to ignore the payload
length and use the full ethernet frame anyways */
#else
/* Actual PPPoE implementations appear to ignore the payload
length and use the full ethernet frame anyways */
- pppoe_length = snapend-pppoe_payload;
- * p points to next tag,
+ * p points to current tag,
* tag_type is previous tag or 0xffff for first iteration
*/
* tag_type is previous tag or 0xffff for first iteration
*/
- while (tag_type && p + 4 < pppoe_payload + length &&
- p + 4 < snapend) {
+ while (tag_type && p < pppoe_payload + pppoe_length) {
TCHECK2(*p, 4);
tag_type = EXTRACT_16BITS(p);
tag_len = EXTRACT_16BITS(p + 2);
TCHECK2(*p, 4);
tag_type = EXTRACT_16BITS(p);
tag_len = EXTRACT_16BITS(p + 2);
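Review bot: The new `#if RESPECT_PAYLOAD_LENGTH` line reads `if (snaplend > pppoe_payload+pppoe_length)`, which names an identifier that does not exist; it is dead under the default build but will fail to compile the moment that option is enabled, so it should be `if (snapend > pppoe_payload+pppoe_length)`. In the matching `#else` branch the assignment `pppoe_length = snapend-pppoe_payload;` is removed while the comment claiming real implementations use the full Ethernet frame is kept, yet the tag loop is now bounded by `pppoe_payload + pppoe_length` in both configurations, so as far as this hunk shows that comment no longer describes what the code does and should be reworded or dropped (the `#endif` is outside the hunk). The loop body and the remainder of pppoe_print continue past the end of the hunk.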