From: Francois-Xavier Le Bail Date: Mon, 15 Jan 2018 13:39:40 +0000 (+0100) Subject: Add sanity checks on packet header (packet length / capture length) X-Git-Tag: tcpdump-4.99-bp~1450 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/9e6ba479d8cee861a396cae59d7cf91bd3a5a563 Add sanity checks on packet header (packet length / capture length) For a valid packet: packet length != 0, capture length != 0, packet length >= capture length. Update the output of some tests accordingly. --- diff --git a/netdissect.h b/netdissect.h index 4c902f1b..5d81daae 100644 --- a/netdissect.h +++ b/netdissect.h @@ -195,6 +195,7 @@ struct netdissect_options { * LF, CR and SPACE as graphical chars */ int ndo_Hflag; /* dissect 802.11s draft mesh standard */ + int ndo_invalid_header; int ndo_packet_number; /* print a packet number in the beginning of line */ int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */ int ndo_tstamp_precision; /* requested time stamp precision */ diff --git a/print.c b/print.c index ca231f14..36eceec3 100644 --- a/print.c +++ b/print.c @@ -317,6 +317,30 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, if(ndo->ndo_packet_number) ND_PRINT("%5u ", packets_captured); + /* Sanity checks on packet length / capture length */ + ndo->ndo_invalid_header = 0; + if(h->caplen == 0) { + ndo->ndo_invalid_header = 1; + ND_PRINT("[Invalid header: caplen==0"); + } + if (h->len == 0) { + if (!ndo->ndo_invalid_header) { + ndo->ndo_invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" len==0"); + } else if (h->len < h->caplen) { + if (!ndo->ndo_invalid_header) { + ndo->ndo_invalid_header = 1; + ND_PRINT("[Invalid header:"); + } else + ND_PRINT(","); + ND_PRINT(" len(%u) < caplen(%u)", h->len, h->caplen); + } + if (ndo->ndo_invalid_header) + ND_PRINT("] "); + ts_print(ndo, &h->ts); /* 
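Review bot: `ndo_invalid_header` is added to struct netdissect_options without a trailing comment, while the neighbouring fields in this hunk each carry one. I would document what it means and who sets it, e.g. `int ndo_invalid_header; /* set by pretty_print_packet() when the pcap header len/caplen fail the sanity checks */`. It is also worth saying in that comment that this is per-packet state, cleared at the start of the checks on every call, rather than a user option like the flags around it. The struct starts and ends outside the hunk.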
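Review bot: The added sanity checks in pretty_print_packet() only tag the output and set `ndo->ndo_invalid_header`; nothing in this hunk stops or bounds dissection of a record whose header failed them. The updated expected outputs on this page show the printers still running after the tag, e.g. `[Invalid header: len(50) < caplen(79)] IP truncated-ip - 260 bytes missing!`, so every dissector still has to cope with inconsistent lengths on its own. If the flag is meant to be advisory, say so at the check with a comment such as `/* Advisory only: the packet is still dissected, printers must keep bounds-checking against caplen */`. Otherwise the code after the hunk should test the flag before handing the buffer to the link-layer printer. pretty_print_packet() continues outside the hunk, so whether the flag is consulted later is not visible here.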
diff --git a/tests/hncp_dhcpv4data-oobr.out b/tests/hncp_dhcpv4data-oobr.out index 7d558dd9..15f3db43 100644 --- a/tests/hncp_dhcpv4data-oobr.out +++ b/tests/hncp_dhcpv4data-oobr.out @@ -1,4 +1,4 @@ -IP truncated-ip - 260 bytes missing! (tos 0x12,ECT(0), ttl 48, id 21323, offset 0, flags [+, DF, rsvd], proto UDP (17), length 296, bad cksum 8e0f (->cd08)!) +[Invalid header: len(50) < caplen(79)] IP truncated-ip - 260 bytes missing! (tos 0x12,ECT(0), ttl 48, id 21323, offset 0, flags [+, DF, rsvd], proto UDP (17), length 296, bad cksum 8e0f (->cd08)!) 1.2.7.0.1812 > 128.253.0.96.8231: hncp (268) DHCPv4-Data (6) DNS-server (98) (invalid) diff --git a/tests/icmp6_mobileprefix_asan.out b/tests/icmp6_mobileprefix_asan.out index 0e0d97c3..1c4fec49 100644 --- a/tests/icmp6_mobileprefix_asan.out +++ b/tests/icmp6_mobileprefix_asan.out @@ -1,2 +1,2 @@ IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header ICMPv6 (58) payload length: 7168) 4f:f829:c:1a1a:1a1a:1a1a:1a37:0 > 16:0:400:0:64fb:9303:f293:8200: ICMP6, mobile router advertisement, length 7168, id 0x9393[|icmp6] -[|ether] +[Invalid header: caplen==0, len==0] [|ether] diff --git a/tests/olsr-oobr-2.out b/tests/olsr-oobr-2.out index c2d4a8fe..ad4055c8 100644 --- a/tests/olsr-oobr-2.out +++ b/tests/olsr-oobr-2.out @@ -1,3 +1,3 @@ -[|ether] -[|ether] +[Invalid header: caplen==0] [|ether] +[Invalid header: caplen==0] [|ether] IP6 (flowlabel 0x06400, hlim 0, next-header UDP (17) payload length: 5401) 0:24::1e:a0a:141e.698 > 38fd:7f49:eaff:ffff:2025:7373:7562:2573.2: OLSRv6, seq 0x0201, length 5393[|olsr] diff --git a/tests/pim_header_asan-2.out b/tests/pim_header_asan-2.out index 576a8b7f..26d8e0fe 100644 --- a/tests/pim_header_asan-2.out +++ b/tests/pim_header_asan-2.out 
@@ -1,5 +1,5 @@ IP6 (class 0x76, flowlabel 0xf6767, hlim 109, next-header PIM (103) payload length: 13927) 6767:ff:ffff:ff67:6767:6778:6767:6767 > 6700:7f:e664:24:2424:2424:2424:25eb: PIMv2, length 13927 Register, RFC2117-encoding, cksum 0x4e23 (unverified), Flags [ none ] [|pim] -[|ether] -[|ether] +[Invalid header: caplen==0] [|ether] +[Invalid header: len==0] [|ether] diff --git a/tests/rpki-rtr-oob.out b/tests/rpki-rtr-oob.out index 19bbdc26..6102fedd 100644 --- a/tests/rpki-rtr-oob.out +++ b/tests/rpki-rtr-oob.out @@ -1,3 +1,3 @@ -IP truncated-ip - 22 bytes missing! (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!) +[Invalid header: len(54) < caplen(64)] IP truncated-ip - 22 bytes missing! (tos 0x0, ttl 254, id 13327, offset 0, flags [+, DF, rsvd], proto TCP (6), length 62, bad cksum 8e7f (->c283)!) 19.128.128.20.323 > 76.19.6.127.49600: Flags [none], seq 2684354563:2684354585, win 28672, length 22 RPKI-RTRv171 (unknown) diff --git a/tests/rx_ubik-oobr.out b/tests/rx_ubik-oobr.out index f192432d..c742855d 100644 --- a/tests/rx_ubik-oobr.out +++ b/tests/rx_ubik-oobr.out @@ -1 +1 @@ -IP truncated-ip - 2598 bytes missing! 222.241.104.198.3503 > 131.63.241.146.7002: rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|ubik] (2632) +[Invalid header: len(76) < caplen(94)] IP truncated-ip - 2598 bytes missing! 222.241.104.198.3503 > 131.63.241.146.7002: rx data pt ubik call disk-lock tid 50266112.32382 file 2122216448 pos 545160708 length 1087685554 [|ubik] (2632) diff --git a/tests/vtp_asan.out b/tests/vtp_asan.out index 17b682bf..0a576cad 100644 --- a/tests/vtp_asan.out +++ b/tests/vtp_asan.out 
@@ -1,6 +1,6 @@ FRF.16 Frag, seq 193, Flags [Begin, End], UI 08! VTPv69, Message Subset advertisement (0x02), length 2126400013 Domain name: , Seq number: 0[|vtp] -[|mfr] -[|mfr] -[|mfr] -[|mfr] +[Invalid header: caplen==0] [|mfr] +[Invalid header: caplen==0, len==0] [|mfr] +[Invalid header: caplen==0, len==0] [|mfr] +[Invalid header: caplen==0, len==0] [|mfr]