From: Francois-Xavier Le Bail Date: Fri, 6 Dec 2024 13:56:17 +0000 (+0100) Subject: LISP: Add two length checks for "invalid" cases X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/cccf9ddf03cbc6320dbbf076a14712ef4a92a04e LISP: Add two length checks for "invalid" cases Moreover: Update a ND_ICHECK_U to ND_ICHECKMSG_U(). Add an "unsuported address family identifier" message. Add two test cases (a pcap with two outputs, with/without -v). --- diff --git a/print-lisp.c b/print-lisp.c index 24255564..a2a458b8 100644 --- a/print-lisp.c +++ b/print-lisp.c @@ -268,14 +268,18 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) ND_PRINT("\n %u record(s), ", record_count); ND_PRINT("Authentication %s,", tok2str(auth_type, "unknown-type", key_id)); + ND_ICHECKMSG_ZU("authentication data length", auth_data_len, >, + length - MAP_REGISTER_HDR_LEN); hex_print(ndo, "\n Authentication-Data: ", bp + packet_offset, auth_data_len); } else { ND_PRINT(" %u record(s),", record_count); + ND_ICHECKMSG_ZU("authentication data length", auth_data_len, >, + length - MAP_REGISTER_HDR_LEN); } packet_offset += auth_data_len; - ND_ICHECK_U(record_count, ==, 0); + ND_ICHECKMSG_U("record count", record_count, ==, 0); /* Print all the EID records */ while ((length > packet_offset) && (record_count != 0)) { @@ -310,6 +314,8 @@ lisp_print(netdissect_options *ndo, const u_char *bp, u_int length) packet_offset += 16; break; default: + ND_PRINT(" [unsuported address family identifier %u]", + eid_afi); /* * No support for LCAF right now. */ diff --git a/tests/TESTLIST b/tests/TESTLIST index a778b022..a6ffc3b0 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -556,6 +556,8 @@ lisp_ipv6_eid lisp_ipv6.pcap lisp_ipv6.out lisp_eid_notify-v lisp_eid_notify.pcap lisp_eid_notify-v.out -v lisp_eid_register-v lisp_eid_register.pcap lisp_eid_register-v.out -v lisp_ipv6_eid-v lisp_ipv6.pcap lisp_ipv6-v.out -v +lisp_invalid lisp_invalid.pcap lisp_invalid.out +lisp_invalid-v lisp_invalid.pcap lisp_invalid-v.out -v # NSH tests nsh nsh.pcap nsh.out diff --git a/tests/lisp_invalid-v.out b/tests/lisp_invalid-v.out new file mode 100644 index 00000000..fc24a9b9 --- /dev/null +++ b/tests/lisp_invalid-v.out @@ -0,0 +1,9 @@ + 1 2015-08-22 11:09:05.156268 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 160) + 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, flags [none], + 3 record(s), Authentication SHA1, + Authentication-Data: 0x0000: 4bbb 9614 a67a 8604 0407 7995 4537 1906 + Authentication-Data: 0x0010: 836c d1d6 + Record TTL 1440, Authoritative, No-Action, Map Version: 0, [unsuported address family identifier 7680] + 2 2015-08-22 11:09:05.615558 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 156) + 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, flags [I-xTR-ID-Present], + 2 record(s), Authentication unknown-type, [authentication data length 35117 > 112] (invalid) diff --git a/tests/lisp_invalid.out b/tests/lisp_invalid.out new file mode 100644 index 00000000..8576e18a --- /dev/null +++ b/tests/lisp_invalid.out @@ -0,0 +1,3 @@ + 1 2015-08-22 11:09:05.156268 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 3 record(s), + [unsuported address family identifier 7680] + 2 2015-08-22 11:09:05.615558 IP 192.168.0.105.4342 > 127.0.0.1.4342: LISP-Map-Notify, 2 record(s), [authentication data length 35117 > 112] (invalid) diff --git a/tests/lisp_invalid.pcap b/tests/lisp_invalid.pcap new file mode 100644 index 00000000..7517d81a Binary files /dev/null and b/tests/lisp_invalid.pcap differ