From: Guy Harris <guy@alum.mit.edu>
Date: Sat, 23 Dec 2017 17:20:10 +0000 (-0800)
Subject: Make 1-element arrays for fields that may repeat.
X-Git-Tag: tcpdump-4.99-bp~1589
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/96afbce6fc40e89e4f215db5838ae00979185e11

Make 1-element arrays for fields that may repeat.

For various opaque LSAs, not only is the value of the TLV a "may
repeat", the TLVs *themselves* may repeat.

Also, pass a pointer to the TLV to ospf_print_grace_lsa() and
ospf_print_te_lsa(), rather than a pointer to the type field, as they
dissect a sequence of TLVs.

Hopefully, that will address Coverity CID 1426916, 1426917, and 1426920.
---

diff --git a/ospf.h b/ospf.h
index 4dca0af3..ae7d2f94 100644
--- a/ospf.h
+++ b/ospf.h
@@ -230,21 +230,21 @@ struct lsa {
 	    nd_uint16_t type;
 	    nd_uint16_t length;
 	    nd_byte     data[1]; /* may repeat   */
-	} un_te_lsa_tlv;
+	} un_te_lsa_tlv[1]; /* may repeat */
 
         /* Opaque Grace LSA */
         struct {
 	    nd_uint16_t type;
 	    nd_uint16_t length;
 	    nd_byte     data[1]; /* may repeat   */
-	} un_grace_tlv;
+	} un_grace_tlv[1]; /* may repeat */
 
         /* Opaque Router information LSA */
         struct {
 	    nd_uint16_t type;
 	    nd_uint16_t length;
 	    nd_byte     data[1]; /* may repeat   */
-	} un_ri_tlv;
+	} un_ri_tlv[1]; /* may repeat */
 
         /* Unknown LSA */
         struct unknown {
diff --git a/print-ospf.c b/print-ospf.c
index 113ecde6..921bed0c 100644
--- a/print-ospf.c
+++ b/print-ospf.c
@@ -804,7 +804,7 @@ ospf_print_lsa(netdissect_options *ndo,
 
 	    switch (EXTRACT_U_1(lsap->ls_hdr.un_lsa_id.opaque_field.opaque_type)) {
             case LS_OPAQUE_TYPE_RI:
-		tptr = (const uint8_t *)(&lsap->lsa_un.un_ri_tlv.type);
+		tptr = (const uint8_t *)(lsap->lsa_un.un_ri_tlv);
 
 		while (ls_length != 0) {
                     ND_TCHECK_4(tptr);
@@ -852,14 +852,14 @@ ospf_print_lsa(netdissect_options *ndo,
                 break;
 
             case LS_OPAQUE_TYPE_GRACE:
-                if (ospf_print_grace_lsa(ndo, (const uint8_t *)(&lsap->lsa_un.un_grace_tlv.type),
+                if (ospf_print_grace_lsa(ndo, (const uint8_t *)(lsap->lsa_un.un_grace_tlv),
                                          ls_length) == -1) {
                     return(ls_end);
                 }
                 break;
 
 	    case LS_OPAQUE_TYPE_TE:
-                if (ospf_print_te_lsa(ndo, (const uint8_t *)(&lsap->lsa_un.un_te_lsa_tlv.type),
+                if (ospf_print_te_lsa(ndo, (const uint8_t *)(lsap->lsa_un.un_te_lsa_tlv),
                                       ls_length) == -1) {
                     return(ls_end);
                 }