From: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>
Date: Thu, 9 Jan 2025 15:35:53 +0000 (+0100)
Subject: ESP: Delete a useless custom bounds check
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/9aee9964aaee40750acde45f838f48eb8f95fbe3

ESP: Delete a useless custom bounds check

The two GET_BE_U_4() perform the bounds checks.

Print the protocol name, with nd_print_protocol_caps(), before any
check.

Add a test file with a truncated ESP packet.
---

diff --git a/print-esp.c b/print-esp.c
index 3f3fb591..d89fefbe 100644
--- a/print-esp.c
+++ b/print-esp.c
@@ -747,8 +747,8 @@ esp_print(netdissect_options *ndo,
 	  u_int ttl_hl USED_IF_LIBCRYPTO)
 {
 	const struct newesp *esp;
-	const u_char *ep;
 #ifdef HAVE_LIBCRYPTO
+	const u_char *ep;
 	const struct ip *ip;
 	struct sa_list *sa = NULL;
 	const struct ip6_hdr *ip6 = NULL;
@@ -764,18 +764,16 @@ esp_print(netdissect_options *ndo,
 	ndo->ndo_protocol = "esp";
 	esp = (const struct newesp *)bp;
 
-	/* 'ep' points to the end of available data. */
-	ep = ndo->ndo_snapend;
+	nd_print_protocol_caps(ndo);
 
-	if ((const u_char *)(esp + 1) >= ep) {
-		nd_print_trunc(ndo);
-		return;
-	}
-	ND_PRINT("ESP(spi=0x%08x", GET_BE_U_4(esp->esp_spi));
+	ND_PRINT("(spi=0x%08x", GET_BE_U_4(esp->esp_spi));
 	ND_PRINT(",seq=0x%x)", GET_BE_U_4(esp->esp_seq));
 	ND_PRINT(", length %u", length);
 
 #ifdef HAVE_LIBCRYPTO
+	/* 'ep' points to the end of available data. */
+	ep = ndo->ndo_snapend;
+
 	/* initialize SAs */
 	if (ndo->ndo_sa_list_head == NULL) {
 		if (!ndo->ndo_espsecret)
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 86d8fc5b..9cd74cf2 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -110,6 +110,7 @@ edsa-high-vid-e	edsa-high-vid.pcap	edsa-high-vid-e.out	-e
 
 # ESP tests
 esp0		02-sunrise-sunset-esp.pcap	esp0.out
+esp_truncated esp_truncated.pcap esp_truncated.out
 # more ESP tests in crypto.tests
 
 # ISAKMP tests
diff --git a/tests/esp_truncated.out b/tests/esp_truncated.out
new file mode 100644
index 00000000..23841362
--- /dev/null
+++ b/tests/esp_truncated.out
@@ -0,0 +1 @@
+    1  2020-11-19 12:07:26.999999 IP 0.254.92.182.4500 > 255.127.255.121.8472: UDP-encap: ESP(spi=0xc0f7d4c3 [|esp]
diff --git a/tests/esp_truncated.pcap b/tests/esp_truncated.pcap
new file mode 100644
index 00000000..1aa74fab
Binary files /dev/null and b/tests/esp_truncated.pcap differ