From: Guy Harris Date: Tue, 26 May 2020 06:48:21 +0000 (-0700) Subject: rsvp: add error messages for too-short items. X-Git-Tag: tcpdump-4.99-bp~376 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/a187e3183e40008ce50c4565caa47303dfbb51d2?ds=sidebyside rsvp: add error messages for too-short items. Update the output file for tests. --- diff --git a/print-rsvp.c b/print-rsvp.c index c482ca93..4254881d 100644 --- a/print-rsvp.c +++ b/print-rsvp.c @@ -751,7 +751,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 DestAddress: %s, Protocol ID: 0x%02x", indent, GET_IPADDR_STRING(obj_tptr), @@ -765,7 +765,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 DestAddress: %s, Protocol ID: 0x%02x", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -780,7 +780,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 36) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -792,7 +792,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_14: /* IPv6 p2mp LSP Tunnel */ if (obj_tlen < 26) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_BE_U_4(obj_tptr), @@ -803,7 +803,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv4 p2mp LSP Tunnel */ if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IPADDR_STRING(obj_tptr), @@ -815,7 +815,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV4: case RSVP_CTYPE_UNI_IPV4: if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s", indent, GET_IPADDR_STRING(obj_tptr), @@ -833,7 +833,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(nd_ipv4)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Receiver Address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -842,7 +842,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(nd_ipv6)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Receiver Address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -858,7 +858,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(nd_ipv4)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Notify Node Address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -867,7 +867,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(nd_ipv6)) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Notify Node Address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -893,7 +893,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_2: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Generalized Label: %u", indent, GET_BE_U_4(obj_tptr)); @@ -902,7 +902,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s Waveband ID: %u%s Start Label: %u, Stop Label: %u", indent, GET_BE_U_4(obj_tptr), @@ -921,7 +921,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Reservation Style: %s, Flags: [0x%02x]", indent, tok2str(rsvp_resstyle_values, @@ -940,7 +940,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IPADDR_STRING(obj_tptr), @@ -950,7 +950,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -960,7 +960,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -974,7 +974,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -984,7 +984,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1016,7 +1016,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_2: if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s L3 Protocol ID: %s", indent, tok2str(ethertype_values, @@ -1037,7 +1037,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s L3 Protocol ID: %s", indent, tok2str(ethertype_values, @@ -1054,7 +1054,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_4: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s LSP Encoding Type: %s (%u)", indent, tok2str(gmpls_encoding_values, @@ -1158,7 +1158,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Instance: 0x%08x, Destination Instance: 0x%08x", indent, GET_BE_U_4(obj_tptr), @@ -1175,7 +1175,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Restart Time: %ums, Recovery Time: %ums", indent, GET_BE_U_4(obj_tptr), @@ -1192,7 +1192,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; uint32_t unused_and_flags = GET_BE_U_4(obj_tptr); if (unused_and_flags & ~RSVP_OBJ_CAPABILITY_FLAGS_MASK) ND_PRINT("%s [reserved=0x%08x must be zero]", indent, @@ -1214,10 +1214,10 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 4) - return -1; + goto obj_tooshort; namelen = GET_U_1(obj_tptr + 3); if (obj_tlen < 4+namelen) - return -1; + goto obj_tooshort; ND_PRINT("%s Session Name: ", indent); for (i = 0; i < namelen; i++) fn_print_char(ndo, GET_U_1(obj_tptr + 4 + i)); @@ -1244,7 +1244,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; /* read variable length subobjects */ total_subobj_len = obj_tlen; @@ -1308,13 +1308,13 @@ rsvp_obj_print(netdissect_options *ndo, switch(af) { case AFNUM_INET: if (subobj_len < 8) - return -1; + goto subobj_tooshort; ND_PRINT("%s UNI IPv4 TNA address: %s", indent, GET_IPADDR_STRING(obj_tptr + 4)); break; case AFNUM_INET6: if (subobj_len < 20) - return -1; + goto subobj_tooshort; ND_PRINT("%s UNI IPv6 TNA address: %s", indent, GET_IP6ADDR_STRING(obj_tptr + 4)); break; @@ -1336,7 +1336,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_GEN_UNI_SUBOBJ_EGRESS_LABEL: if (subobj_len < 16) { - return -1; + goto subobj_tooshort; } ND_PRINT("%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u", @@ -1349,7 +1349,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_GEN_UNI_SUBOBJ_SERVICE_LEVEL: if (subobj_len < 8) { - return -1; + goto subobj_tooshort; } ND_PRINT("%s Service level: %u", @@ -1376,7 +1376,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1389,7 +1389,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1407,7 +1407,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Refresh Period: %ums", indent, GET_BE_U_4(obj_tptr)); @@ -1426,7 +1426,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Msg-Version: %u, length: %u", indent, (GET_U_1(obj_tptr) & 0xf0) >> 4, @@ -1465,7 +1465,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IPADDR_STRING(obj_tptr), @@ -1475,7 +1475,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Source Port: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1485,7 +1485,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_3: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, Flow Label: %u", indent, GET_IP6ADDR_STRING(obj_tptr), @@ -1495,7 +1495,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1505,7 +1505,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_13: /* IPv6 p2mp LSP tunnel */ if (obj_tlen < 40) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1519,7 +1519,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; ND_PRINT("%s Source Address: %s, LSP-ID: 0x%04x", indent, GET_IPADDR_STRING(obj_tptr), @@ -1529,7 +1529,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_12: /* IPv4 p2mp LSP tunnel */ if (obj_tlen < 16) - return -1; + goto obj_tooshort; ND_PRINT("%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x" "%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x", indent, @@ -1553,7 +1553,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: /* new style */ if (obj_tlen < sizeof(struct rsvp_obj_frr_t)) - return -1; + goto obj_tooshort; bw.i = GET_BE_U_4(obj_ptr.rsvp_obj_frr->bandwidth); ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", indent, @@ -1572,7 +1572,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_TUNNEL_IPV4: /* old style */ if (obj_tlen < 16) - return -1; + goto obj_tooshort; bw.i = GET_BE_U_4(obj_ptr.rsvp_obj_frr->bandwidth); ND_PRINT("%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps", indent, @@ -1615,7 +1615,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s CT: %u", indent, GET_BE_U_4(obj_tptr) & 0x7); @@ -1632,7 +1632,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_3: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV4: if (obj_tlen < 8) - return -1; + goto obj_tooshort; error_code=GET_U_1(obj_tptr + 5); error_value=GET_BE_U_2(obj_tptr + 6); ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", @@ -1664,7 +1664,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_4: /* fall through - FIXME add TLV parser */ case RSVP_CTYPE_IPV6: if (obj_tlen < 20) - return -1; + goto obj_tooshort; error_code=GET_U_1(obj_tptr + 17); error_value=GET_BE_U_2(obj_tptr + 18); ND_PRINT("%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)", @@ -1696,7 +1696,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; padbytes = GET_BE_U_2(obj_tptr + 2); ND_PRINT("%s TLV count: %u, padding bytes: %u", indent, @@ -1712,9 +1712,11 @@ rsvp_obj_print(netdissect_options *ndo, GET_U_1(obj_tptr), GET_U_1(obj_tptr + 1)); if (obj_tlen < GET_U_1(obj_tptr + 1)) + goto obj_tooshort; + if (GET_U_1(obj_tptr + 1) < 2) { + ND_PRINT("%sERROR: property TLV is too short", indent); return -1; - if (GET_U_1(obj_tptr + 1) < 2) - return -1; + } print_unknown_data(ndo, obj_tptr + 2, "\n\t\t", GET_U_1(obj_tptr + 1) - 2); obj_tlen-=GET_U_1(obj_tptr + 1); @@ -1733,7 +1735,7 @@ rsvp_obj_print(netdissect_options *ndo, case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Flags [0x%02x], epoch: %u", indent, GET_U_1(obj_tptr), @@ -1759,7 +1761,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_integrity_t)) - return -1; + goto obj_tooshort; obj_ptr.rsvp_obj_integrity = (const struct rsvp_obj_integrity_t *)obj_tptr; ND_PRINT("%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]", indent, @@ -1795,7 +1797,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Flags [%s]", indent, bittok2str(rsvp_obj_admin_status_flag_values, "none", GET_BE_U_4(obj_tptr))); @@ -1811,7 +1813,7 @@ rsvp_obj_print(netdissect_options *ndo, switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) - return -1; + goto obj_tooshort; action = (GET_BE_U_2(obj_tptr)>>8); ND_PRINT("%s Action: %s (%u), Label type: %u", indent, @@ -1824,7 +1826,7 @@ rsvp_obj_print(netdissect_options *ndo, /* only a couple of subchannels are expected */ if (obj_tlen < 12) - return -1; + goto obj_tooshort; ND_PRINT("%s Start range: %u, End range: %u", indent, GET_BE_U_4(obj_tptr + 4), GET_BE_U_4(obj_tptr + 8)); @@ -1855,7 +1857,7 @@ rsvp_obj_print(netdissect_options *ndo, switch (rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 4) - return -1; + goto obj_tooshort; ND_PRINT("%s Sub-LSP destination address: %s", indent, GET_IPADDR_STRING(obj_tptr)); @@ -1864,7 +1866,7 @@ rsvp_obj_print(netdissect_options *ndo, break; case RSVP_CTYPE_IPV6: if (obj_tlen < 16) - return -1; + goto obj_tooshort; ND_PRINT("%s Sub-LSP destination address: %s", indent, GET_IP6ADDR_STRING(obj_tptr)); @@ -1899,6 +1901,12 @@ rsvp_obj_print(netdissect_options *ndo, tlen-=rsvp_obj_len; } return 0; +subobj_tooshort: + ND_PRINT("%sERROR: sub-object is too short", indent); + return -1; +obj_tooshort: + ND_PRINT("%sERROR: object is too short", indent); + return -1; invalid: nd_print_invalid(ndo); return -1; diff --git a/tests/rsvp-rsvp_obj_print-oobr.out b/tests/rsvp-rsvp_obj_print-oobr.out index 4cfa1f16..a759a4b0 100644 --- a/tests/rsvp-rsvp_obj_print-oobr.out +++ b/tests/rsvp-rsvp_obj_print-oobr.out @@ -3,4 +3,5 @@ 3 05:06:08.4043485718 IP (tos 0x0, ttl 14, id 44815, offset 0, flags [+, DF, rsvd], proto RSVP (46), length 40, bad cksum 3280 (->c411)!) 250.219.91.71 > 20.100.238.255: RSVPv1 Hello Message (20), Flags: [none], length: 16384, ttl: 0, checksum: 0x000e - Class Type (old) Object (125) Flags: [reject if unknown], Class-Type: 1 (1), length: 4 [|rsvp] + Class Type (old) Object (125) Flags: [reject if unknown], Class-Type: 1 (1), length: 4 + ERROR: object is too short