LISP: Add two length checks for "invalid" cases

Moreover:
Update a ND_ICHECK_U to ND_ICHECKMSG_U().
Add an "unsuported address family identifier" message.
Add two test cases (a pcap with two outputs, with/without -v).

diff --git a/print-lisp.c b/print-lisp.c
index 24255564d8dc3f5d16ad80fe9fd998629ffbe965..a2a458b8b49b605aac959a4a6f82ff49d47679d0 100644 (file)
--- a/print-lisp.c
+++ b/print-lisp.c
@@ -268,14 +268,18 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length)
                ND_PRINT("\n    %u record(s), ", record_count);
                ND_PRINT("Authentication %s,",
                         tok2str(auth_type, "unknown-type", key_id));
+               ND_ICHECKMSG_ZU("authentication data length", auth_data_len, >,
+                               length - MAP_REGISTER_HDR_LEN);
                hex_print(ndo, "\n    Authentication-Data: ",
                          bp + packet_offset, auth_data_len);
        } else {
                ND_PRINT(" %u record(s),", record_count);
+               ND_ICHECKMSG_ZU("authentication data length", auth_data_len, >,
+                               length - MAP_REGISTER_HDR_LEN);
        }
        packet_offset += auth_data_len;
 
-       ND_ICHECK_U(record_count, ==, 0);
+       ND_ICHECKMSG_U("record count", record_count, ==, 0);
 
        /* Print all the EID records */
        while ((length > packet_offset) && (record_count != 0)) {
@@ -310,6 +314,8 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length)
                        packet_offset += 16;
                        break;
                default:
+                       ND_PRINT(" [unsuported address family identifier %u]",
+                                eid_afi);
                        /*
                         * No support for LCAF right now.
                         */

diff --git a/tests/TESTLIST b/tests/TESTLIST
index a778b022a152542ab67c360f0a9cf7f2aef1491d..a6ffc3b0f341b2a07abfc689a66fa8f749af4393 100644 (file)
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -556,6 +556,8 @@ lisp_ipv6_eid               lisp_ipv6.pcap          lisp_ipv6.out
 lisp_eid_notify-v      lisp_eid_notify.pcap    lisp_eid_notify-v.out   -v
 lisp_eid_register-v    lisp_eid_register.pcap  lisp_eid_register-v.out -v
 lisp_ipv6_eid-v                lisp_ipv6.pcap          lisp_ipv6-v.out         -v
+lisp_invalid           lisp_invalid.pcap       lisp_invalid.out
+lisp_invalid-v         lisp_invalid.pcap       lisp_invalid-v.out      -v
 
 # NSH tests
 nsh                    nsh.pcap                nsh.out

diff --git a/tests/lisp_invalid-v.out b/tests/lisp_invalid-v.out
new file mode 100644 (file)
index 0000000..fc24a9b
--- /dev/null
+++ b/tests/lisp_invalid-v.out
@@ -0,0 +1,9 @@
+    1  2015-08-22 11:09:05.156268 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 160)
+    192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, flags [none],
+    3 record(s), Authentication SHA1,
+    Authentication-Data: 0x0000:  4bbb 9614 a67a 8604 0407 7995 4537 1906
+    Authentication-Data: 0x0010:  836c d1d6
+      Record TTL 1440, Authoritative, No-Action, Map Version: 0, [unsuported address family identifier 7680]
+    2  2015-08-22 11:09:05.615558 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 156)
+    192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, flags [I-xTR-ID-Present],
+    2 record(s), Authentication unknown-type, [authentication data length 35117 > 112] (invalid)

diff --git a/tests/lisp_invalid.out b/tests/lisp_invalid.out
new file mode 100644 (file)
index 0000000..8576e18
--- /dev/null
+++ b/tests/lisp_invalid.out
@@ -0,0 +1,3 @@
+    1  2015-08-22 11:09:05.156268 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 3 record(s),
+ [unsuported address family identifier 7680]
+    2  2015-08-22 11:09:05.615558 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 2 record(s), [authentication data length 35117 > 112] (invalid)

diff --git a/tests/lisp_invalid.pcap b/tests/lisp_invalid.pcap
new file mode 100644 (file)
index 0000000..7517d81
Binary files /dev/null and b/tests/lisp_invalid.pcap differ