mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-27 12:03:44 +08:00
Don't pass in "asn1_parse()" a packet length cut short by the snapshot
length; explicitly check against the snapshot length, instead. In "asn1_parse()", always check against the length passed in before fetching anything from the packet.
This commit is contained in:
guy
parent
128d636bc2
commit
72e501f3cf
163
print-snmp.c
163
print-snmp.c
@ -58,7 +58,7 @@
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/tcpdump/print-snmp.c,v 1.60 2004-11-04 07:53:56 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/tcpdump/print-snmp.c,v 1.61 2004-12-27 22:14:12 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -394,13 +394,6 @@ const char *SnmpVersion[] = {
|
||||
|
||||
#define ASN_ID_EXT 0x1f /* extension ID in tag field */
|
||||
|
||||
/*
|
||||
* truncated==1 means the packet was complete, but we don't have all of
|
||||
* it to decode.
|
||||
*/
|
||||
static int truncated;
|
||||
#define ifNotTruncated if (truncated) fputs("[|snmp]", stdout); else
|
||||
|
||||
/*
|
||||
* This decodes the next ASN.1 object in the stream pointed to by "p"
|
||||
* (and of real-length "len") and stores the intermediate data in the
|
||||
@ -418,9 +411,10 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
elem->asnlen = 0;
|
||||
elem->type = BE_ANY;
|
||||
if (len < 1) {
|
||||
ifNotTruncated fputs("[nothing to parse]", stdout);
|
||||
fputs("[nothing to parse]", stdout);
|
||||
return -1;
|
||||
}
|
||||
TCHECK(*p);
|
||||
|
||||
/*
|
||||
* it would be nice to use a bit field, but you can't depend on them.
|
||||
@ -444,52 +438,66 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
p++; len--; hdr = 1;
|
||||
/* extended tag field */
|
||||
if (id == ASN_ID_EXT) {
|
||||
for (id = 0; *p & ASN_BIT8 && len > 0; len--, hdr++, p++)
|
||||
/*
|
||||
* The ID follows, as a sequence of octets with the
|
||||
* 8th bit set and the remaining 7 bits being
|
||||
* the next 7 bits of the value, terminated with
|
||||
* an octet with the 8th bit not set.
|
||||
*
|
||||
* First, assemble all the octets with the 8th
|
||||
* bit set. XXX - this doesn't handle a value
|
||||
* that won't fit in 32 bits.
|
||||
*/
|
||||
for (id = 0; *p & ASN_BIT8; len--, hdr++, p++) {
|
||||
if (len < 1) {
|
||||
fputs("[Xtagfield?]", stdout);
|
||||
return -1;
|
||||
}
|
||||
TCHECK(*p);
|
||||
id = (id << 7) | (*p & ~ASN_BIT8);
|
||||
if (len == 0 && *p & ASN_BIT8) {
|
||||
ifNotTruncated fputs("[Xtagfield?]", stdout);
|
||||
}
|
||||
if (len < 1) {
|
||||
fputs("[Xtagfield?]", stdout);
|
||||
return -1;
|
||||
}
|
||||
TCHECK(*p);
|
||||
elem->id = id = (id << 7) | *p;
|
||||
--len;
|
||||
++hdr;
|
||||
++p;
|
||||
}
|
||||
if (len < 1) {
|
||||
ifNotTruncated fputs("[no asnlen]", stdout);
|
||||
fputs("[no asnlen]", stdout);
|
||||
return -1;
|
||||
}
|
||||
TCHECK(*p);
|
||||
elem->asnlen = *p;
|
||||
p++; len--; hdr++;
|
||||
if (elem->asnlen & ASN_BIT8) {
|
||||
u_int32_t noct = elem->asnlen % ASN_BIT8;
|
||||
elem->asnlen = 0;
|
||||
if (len < noct) {
|
||||
ifNotTruncated printf("[asnlen? %d<%d]", len, noct);
|
||||
printf("[asnlen? %d<%d]", len, noct);
|
||||
return -1;
|
||||
}
|
||||
TCHECK2(*p, noct);
|
||||
for (; noct-- > 0; len--, hdr++)
|
||||
elem->asnlen = (elem->asnlen << ASN_SHIFT8) | *p++;
|
||||
}
|
||||
if (len < elem->asnlen) {
|
||||
if (!truncated) {
|
||||
printf("[len%d<asnlen%u]", len, elem->asnlen);
|
||||
return -1;
|
||||
}
|
||||
/* maybe should check at least 4? */
|
||||
elem->asnlen = len;
|
||||
printf("[len%d<asnlen%u]", len, elem->asnlen);
|
||||
return -1;
|
||||
}
|
||||
if (form >= sizeof(Form)/sizeof(Form[0])) {
|
||||
ifNotTruncated printf("[form?%d]", form);
|
||||
printf("[form?%d]", form);
|
||||
return -1;
|
||||
}
|
||||
if (class >= sizeof(Class)/sizeof(Class[0])) {
|
||||
ifNotTruncated printf("[class?%c/%d]", *Form[form], class);
|
||||
printf("[class?%c/%d]", *Form[form], class);
|
||||
return -1;
|
||||
}
|
||||
if ((int)id >= Class[class].numIDs) {
|
||||
ifNotTruncated printf("[id?%c/%s/%d]", *Form[form],
|
||||
Class[class].name, id);
|
||||
printf("[id?%c/%s/%d]", *Form[form], Class[class].name, id);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -508,6 +516,7 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
elem->type = BE_INT;
|
||||
data = 0;
|
||||
|
||||
TCHECK2(*p, elem->asnlen);
|
||||
if (*p & ASN_BIT8) /* negative */
|
||||
data = -1;
|
||||
for (i = elem->asnlen; i-- > 0; p++)
|
||||
@ -546,6 +555,7 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
case GAUGE:
|
||||
case TIMETICKS: {
|
||||
register u_int32_t data;
|
||||
TCHECK2(*p, elem->asnlen);
|
||||
elem->type = BE_UNS;
|
||||
data = 0;
|
||||
for (i = elem->asnlen; i-- > 0; p++)
|
||||
@ -556,6 +566,7 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
|
||||
case COUNTER64: {
|
||||
register u_int32_t high, low;
|
||||
TCHECK2(*p, elem->asnlen);
|
||||
elem->type = BE_UNS64;
|
||||
high = 0, low = 0;
|
||||
for (i = elem->asnlen; i-- > 0; p++) {
|
||||
@ -597,10 +608,11 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
break;
|
||||
|
||||
default:
|
||||
elem->type = BE_OCTET;
|
||||
elem->data.raw = (caddr_t)p;
|
||||
printf("[P/%s/%s]",
|
||||
Class[class].name, Class[class].Id[id]);
|
||||
TCHECK2(*p, elem->asnlen);
|
||||
elem->type = BE_OCTET;
|
||||
elem->data.raw = (caddr_t)p;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
@ -639,6 +651,10 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
p += elem->asnlen;
|
||||
len -= elem->asnlen;
|
||||
return elem->asnlen + hdr;
|
||||
|
||||
trunc:
|
||||
fputs("[|snmp]", stdout);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -646,7 +662,7 @@ asn1_parse(register const u_char *p, u_int len, struct be *elem)
|
||||
* This used to be an integral part of asn1_parse() before the intermediate
|
||||
* BE form was added.
|
||||
*/
|
||||
static void
|
||||
static int
|
||||
asn1_print(struct be *elem)
|
||||
{
|
||||
u_char *p = (u_char *)elem->data.raw;
|
||||
@ -656,6 +672,7 @@ asn1_print(struct be *elem)
|
||||
switch (elem->type) {
|
||||
|
||||
case BE_OCTET:
|
||||
TCHECK2(*p, asnlen);
|
||||
for (i = asnlen; i-- > 0; p++)
|
||||
printf("_%.2x", *p);
|
||||
break;
|
||||
@ -664,13 +681,14 @@ asn1_print(struct be *elem)
|
||||
break;
|
||||
|
||||
case BE_OID: {
|
||||
int o = 0, first = -1, i = asnlen;
|
||||
int o = 0, first = -1, i = asnlen;
|
||||
|
||||
if (!sflag && !nflag && asnlen > 2) {
|
||||
struct obj_abrev *a = &obj_abrev_list[0];
|
||||
size_t a_len = strlen(a->oid);
|
||||
for (; a->node; a++) {
|
||||
if (!memcmp(a->oid, (char *)p,
|
||||
strlen(a->oid))) {
|
||||
TCHECK2(*p, a_len);
|
||||
if (memcmp(a->oid, (char *)p, a_len) == 0) {
|
||||
objp = a->node->child;
|
||||
i -= strlen(a->oid);
|
||||
p += strlen(a->oid);
|
||||
@ -682,6 +700,7 @@ asn1_print(struct be *elem)
|
||||
}
|
||||
|
||||
for (; !sflag && i-- > 0; p++) {
|
||||
TCHECK(*p);
|
||||
o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8);
|
||||
if (*p & ASN_LONGLEN)
|
||||
continue;
|
||||
@ -761,6 +780,7 @@ asn1_print(struct be *elem)
|
||||
case BE_STR: {
|
||||
register int printable = 1, first = 1;
|
||||
const u_char *p = elem->data.str;
|
||||
TCHECK2(*p, asnlen);
|
||||
for (i = asnlen; printable && i-- > 0; p++)
|
||||
printable = isprint(*p) || isspace(*p);
|
||||
p = elem->data.str;
|
||||
@ -783,6 +803,7 @@ asn1_print(struct be *elem)
|
||||
case BE_INETADDR:
|
||||
if (asnlen != ASNLEN_INETADDR)
|
||||
printf("[inetaddr len!=%d]", ASNLEN_INETADDR);
|
||||
TCHECK2(*p, asnlen);
|
||||
for (i = asnlen; i-- != 0; p++) {
|
||||
printf((i == asnlen-1) ? "%u" : ".%u", *p);
|
||||
}
|
||||
@ -807,6 +828,11 @@ asn1_print(struct be *elem)
|
||||
fputs("[be!?]", stdout);
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
|
||||
trunc:
|
||||
fputs("[|snmp]", stdout);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef notdef
|
||||
@ -829,7 +855,8 @@ asn1_decode(u_char *p, u_int length)
|
||||
i = asn1_parse(p, length, &elem);
|
||||
if (i >= 0) {
|
||||
fputs(" ", stdout);
|
||||
asn1_print(&elem);
|
||||
if (asn1_print(&elem) < 0)
|
||||
return;
|
||||
if (elem.type == BE_SEQ || elem.type == BE_PDU) {
|
||||
fputs(" {", stdout);
|
||||
asn1_decode(elem.data.raw, elem.asnlen);
|
||||
@ -865,14 +892,16 @@ static struct smi2be smi2betab[] = {
|
||||
{ SMI_BASETYPE_UNKNOWN, BE_NONE }
|
||||
};
|
||||
|
||||
static void smi_decode_oid(struct be *elem, unsigned int *oid,
|
||||
unsigned int oidsize, unsigned int *oidlen)
|
||||
static int
|
||||
smi_decode_oid(struct be *elem, unsigned int *oid,
|
||||
unsigned int oidsize, unsigned int *oidlen)
|
||||
{
|
||||
u_char *p = (u_char *)elem->data.raw;
|
||||
u_int32_t asnlen = elem->asnlen;
|
||||
int o = 0, first = -1, i = asnlen;
|
||||
|
||||
for (*oidlen = 0; sflag && i-- > 0; p++) {
|
||||
TCHECK(*p);
|
||||
o = (o << ASN_SHIFT7) + (*p & ~ASN_BIT8);
|
||||
if (*p & ASN_LONGLEN)
|
||||
continue;
|
||||
@ -895,6 +924,11 @@ static void smi_decode_oid(struct be *elem, unsigned int *oid,
|
||||
}
|
||||
o = 0;
|
||||
}
|
||||
return 0;
|
||||
|
||||
trunc:
|
||||
fputs("[|snmp]", stdout);
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int smi_check_type(SmiBasetype basetype, int be)
|
||||
@ -987,16 +1021,19 @@ static int smi_check_range(SmiType *smiType, struct be *elem)
|
||||
return ok;
|
||||
}
|
||||
|
||||
static SmiNode *smi_print_variable(struct be *elem)
|
||||
static SmiNode *smi_print_variable(struct be *elem, int *status)
|
||||
{
|
||||
unsigned int oid[128], oidlen;
|
||||
SmiNode *smiNode = NULL;
|
||||
int i;
|
||||
|
||||
smi_decode_oid(elem, oid, sizeof(oid)/sizeof(unsigned int), &oidlen);
|
||||
*status = smi_decode_oid(elem, oid, sizeof(oid)/sizeof(unsigned int),
|
||||
&oidlen);
|
||||
if (*status < 0)
|
||||
return NULL;
|
||||
smiNode = smiGetNodeByOID(oidlen, oid);
|
||||
if (! smiNode) {
|
||||
asn1_print(elem);
|
||||
*status = asn1_print(elem);
|
||||
return NULL;
|
||||
}
|
||||
if (vflag) {
|
||||
@ -1009,10 +1046,12 @@ static SmiNode *smi_print_variable(struct be *elem)
|
||||
printf(".%u", oid[i]);
|
||||
}
|
||||
}
|
||||
*status = 0;
|
||||
return smiNode;
|
||||
}
|
||||
|
||||
static void smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
|
||||
static int
|
||||
smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
|
||||
{
|
||||
unsigned int oid[128], oidlen;
|
||||
SmiType *smiType;
|
||||
@ -1021,15 +1060,13 @@ static void smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
|
||||
|
||||
if (! smiNode || ! (smiNode->nodekind
|
||||
& (SMI_NODEKIND_SCALAR | SMI_NODEKIND_COLUMN))) {
|
||||
asn1_print(elem);
|
||||
return;
|
||||
return asn1_print(elem);
|
||||
}
|
||||
|
||||
if (elem->type == BE_NOSUCHOBJECT
|
||||
|| elem->type == BE_NOSUCHINST
|
||||
|| elem->type == BE_ENDOFMIBVIEW) {
|
||||
asn1_print(elem);
|
||||
return;
|
||||
return asn1_print(elem);
|
||||
}
|
||||
|
||||
if (NOTIFY_CLASS(pduid) && smiNode->access < SMI_ACCESS_NOTIFY) {
|
||||
@ -1051,8 +1088,7 @@ static void smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
|
||||
|
||||
smiType = smiGetNodeType(smiNode);
|
||||
if (! smiType) {
|
||||
asn1_print(elem);
|
||||
return;
|
||||
return asn1_print(elem);
|
||||
}
|
||||
|
||||
if (! smi_check_type(smiType->basetype, elem->type)) {
|
||||
@ -1115,8 +1151,9 @@ static void smi_print_value(SmiNode *smiNode, u_char pduid, struct be *elem)
|
||||
}
|
||||
|
||||
if (! done) {
|
||||
asn1_print(elem);
|
||||
return asn1_print(elem);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1164,6 +1201,7 @@ varbind_print(u_char pduid, const u_char *np, u_int length)
|
||||
#ifdef LIBSMI
|
||||
SmiNode *smiNode = NULL;
|
||||
#endif
|
||||
int status;
|
||||
|
||||
/* Sequence of varBind */
|
||||
if ((count = asn1_parse(np, length, &elem)) < 0)
|
||||
@ -1208,16 +1246,18 @@ varbind_print(u_char pduid, const u_char *np, u_int length)
|
||||
return;
|
||||
}
|
||||
#ifdef LIBSMI
|
||||
smiNode = smi_print_variable(&elem);
|
||||
smiNode = smi_print_variable(&elem, &status);
|
||||
#else
|
||||
asn1_print(&elem);
|
||||
status = asn1_print(&elem);
|
||||
#endif
|
||||
if (status < 0)
|
||||
return;
|
||||
length -= count;
|
||||
np += count;
|
||||
|
||||
if (pduid != GETREQ && pduid != GETNEXTREQ
|
||||
&& pduid != GETBULKREQ)
|
||||
fputs("=", stdout);
|
||||
fputs("=", stdout);
|
||||
|
||||
/* objVal (ANY) */
|
||||
if ((count = asn1_parse(np, length, &elem)) < 0)
|
||||
@ -1226,16 +1266,19 @@ varbind_print(u_char pduid, const u_char *np, u_int length)
|
||||
|| pduid == GETBULKREQ) {
|
||||
if (elem.type != BE_NULL) {
|
||||
fputs("[objVal!=NULL]", stdout);
|
||||
asn1_print(&elem);
|
||||
if (asn1_print(&elem) < 0)
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (elem.type != BE_NULL) {
|
||||
#ifdef LIBSMI
|
||||
smi_print_value(smiNode, pduid, &elem);
|
||||
status = smi_print_value(smiNode, pduid, &elem);
|
||||
#else
|
||||
asn1_print(&elem);
|
||||
status = asn1_print(&elem);
|
||||
#endif
|
||||
}
|
||||
if (status < 0)
|
||||
return;
|
||||
}
|
||||
length = vblength;
|
||||
np = vbend;
|
||||
@ -1342,7 +1385,8 @@ trappdu_print(const u_char *np, u_int length)
|
||||
asn1_print(&elem);
|
||||
return;
|
||||
}
|
||||
asn1_print(&elem);
|
||||
if (asn1_print(&elem) < 0)
|
||||
return;
|
||||
length -= count;
|
||||
np += count;
|
||||
|
||||
@ -1356,7 +1400,8 @@ trappdu_print(const u_char *np, u_int length)
|
||||
asn1_print(&elem);
|
||||
return;
|
||||
}
|
||||
asn1_print(&elem);
|
||||
if (asn1_print(&elem) < 0)
|
||||
return;
|
||||
length -= count;
|
||||
np += count;
|
||||
|
||||
@ -1402,7 +1447,8 @@ trappdu_print(const u_char *np, u_int length)
|
||||
asn1_print(&elem);
|
||||
return;
|
||||
}
|
||||
asn1_print(&elem);
|
||||
if (asn1_print(&elem) < 0)
|
||||
return;
|
||||
length -= count;
|
||||
np += count;
|
||||
|
||||
@ -1431,7 +1477,8 @@ pdu_print(const u_char *np, u_int length, int version)
|
||||
if (vflag) {
|
||||
fputs("{ ", stdout);
|
||||
}
|
||||
asn1_print(&pdu);
|
||||
if (asn1_print(&pdu) < 0)
|
||||
return;
|
||||
fputs(" ", stdout);
|
||||
/* descend into PDU */
|
||||
length = pdu.asnlen;
|
||||
@ -1795,14 +1842,6 @@ snmp_print(const u_char *np, u_int length)
|
||||
int count = 0;
|
||||
int version = 0;
|
||||
|
||||
truncated = 0;
|
||||
|
||||
/* truncated packet? */
|
||||
if (np + length > snapend) {
|
||||
truncated = 1;
|
||||
length = snapend - np;
|
||||
}
|
||||
|
||||
putchar(' ');
|
||||
|
||||
/* initial Sequence */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user