]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6cd500c)
ESP: Delete a useless custom bounds check
authorFrancois-Xavier Le Bail <[email protected]>
Thu, 9 Jan 2025 15:35:53 +0000 (16:35 +0100)
committerfxlb <[email protected]>
Fri, 10 Jan 2025 07:38:01 +0000 (07:38 +0000)
The two GET_BE_U_4() perform the bounds checks.

Print the protocol name, with nd_print_protocol_caps(), before any
check.

Add a test file with a truncated ESP packet.

print-esp.c patch | blob | history
tests/TESTLIST patch | blob | history
tests/esp_truncated.out [new file with mode: 0644] patch | blob
tests/esp_truncated.pcap [new file with mode: 0644] patch | blob

diff --git a/print-esp.c b/print-esp.c
index 3f3fb591ccd0857bc551d79191f1ceac6f7ec7b3..d89fefbe3fbb86c3959282c575fdabb755131879 100644 (file)
--- a/print-esp.c
+++ b/print-esp.c
@@ -747,8 +747,8 @@ esp_print(netdissect_options *ndo,
          u_int ttl_hl USED_IF_LIBCRYPTO)
 {
        const struct newesp *esp;
          u_int ttl_hl USED_IF_LIBCRYPTO)
 {
        const struct newesp *esp;
-       const u_char *ep;
 #ifdef HAVE_LIBCRYPTO
 #ifdef HAVE_LIBCRYPTO
+       const u_char *ep;
        const struct ip *ip;
        struct sa_list *sa = NULL;
        const struct ip6_hdr *ip6 = NULL;
        const struct ip *ip;
        struct sa_list *sa = NULL;
        const struct ip6_hdr *ip6 = NULL;
@@ -764,18 +764,16 @@ esp_print(netdissect_options *ndo,
        ndo->ndo_protocol = "esp";
        esp = (const struct newesp *)bp;
 
        ndo->ndo_protocol = "esp";
        esp = (const struct newesp *)bp;
 
-       /* 'ep' points to the end of available data. */
-       ep = ndo->ndo_snapend;
+       nd_print_protocol_caps(ndo);
 
 
-       if ((const u_char *)(esp + 1) >= ep) {
-               nd_print_trunc(ndo);
-               return;
-       }
-       ND_PRINT("ESP(spi=0x%08x", GET_BE_U_4(esp->esp_spi));
+       ND_PRINT("(spi=0x%08x", GET_BE_U_4(esp->esp_spi));
        ND_PRINT(",seq=0x%x)", GET_BE_U_4(esp->esp_seq));
        ND_PRINT(", length %u", length);
 
 #ifdef HAVE_LIBCRYPTO
        ND_PRINT(",seq=0x%x)", GET_BE_U_4(esp->esp_seq));
        ND_PRINT(", length %u", length);
 
 #ifdef HAVE_LIBCRYPTO
+       /* 'ep' points to the end of available data. */
+       ep = ndo->ndo_snapend;
+
        /* initialize SAs */
        if (ndo->ndo_sa_list_head == NULL) {
                if (!ndo->ndo_espsecret)
        /* initialize SAs */
        if (ndo->ndo_sa_list_head == NULL) {
                if (!ndo->ndo_espsecret)
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 86d8fc5b4aba3906f39e192ee51ff0d0969203c1..9cd74cf2132f2b1af170964820a7892a35c04d53 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -110,6 +110,7 @@ edsa-high-vid-e     edsa-high-vid.pcap      edsa-high-vid-e.out     -e
 
 # ESP tests
 esp0           02-sunrise-sunset-esp.pcap      esp0.out
 
 # ESP tests
 esp0           02-sunrise-sunset-esp.pcap      esp0.out
+esp_truncated esp_truncated.pcap esp_truncated.out
 # more ESP tests in crypto.tests
 
 # ISAKMP tests
 # more ESP tests in crypto.tests
 
 # ISAKMP tests
diff --git a/tests/esp_truncated.out b/tests/esp_truncated.out
new file mode 100644 (file)
index 0000000..2384136
--- /dev/null
+++ b/tests/esp_truncated.out
@@ -0,0 +1 @@
+    1  2020-11-19 12:07:26.999999 IP 0.254.92.182.4500 > 255.127.255.121.8472: UDP-encap: ESP(spi=0xc0f7d4c3 [|esp]
diff --git a/tests/esp_truncated.pcap b/tests/esp_truncated.pcap
new file mode 100644 (file)
index 0000000..1aa74fa
Binary files /dev/null and b/tests/esp_truncated.pcap differ
[mirror] the TCPdump network dissector