FRF.16: Add a length check

The specification says in a well-formed Magic Number Information Element
the data is exactly 4 bytes long. This gives a more accurate output.

Update the output of a test accordingly.

Partial update from aa3e54f594385ce7e1e319b0c84999e51192578b
in 4.9 branch.

diff --git a/print-fr.c b/print-fr.c
index 22561a23a62a0e72bf9f424a29cc5939a4ecbe97..a7ea98a1556d5854bdc2df81d983f10c4dd34b4b 100644 (file)
--- a/print-fr.c
+++ b/print-fr.c
@@ -495,6 +495,12 @@ mfr_print(netdissect_options *ndo,
             switch (ie_type) {
 
             case MFR_CTRL_IE_MAGIC_NUM:
+                /* FRF.16.1 Section 3.4.3 Magic Number Information Element */
+                if (ie_len != 4) {
+                    ND_PRINT("[IE data length %d != 4]", ie_len);
+                    nd_print_invalid(ndo);
+                    break;
+                }
                 ND_PRINT("0x%08x", GET_BE_U_4(tptr));
                 break;
 

diff --git a/tests/frf16_magic_ie-oobr.out b/tests/frf16_magic_ie-oobr.out
index d3bc971cf85117b6ebbfb0d3c1c9c35fc99ada33..3bdf2a2f1b92669411bdf8aeeaaec3f3730ec45d 100644 (file)
--- a/tests/frf16_magic_ie-oobr.out
+++ b/tests/frf16_magic_ie-oobr.out
@@ -1,2 +1,2 @@
     1  [Error converting time] FRF.16 Control, Flags [Begin, End, Control], Unknown Message (0x00), length 262144
-       IE Magic Number (3), length 3:  [|mfr]
+       IE Magic Number (3), length 3: [IE data length 1 != 4] (invalid) [|mfr]