erspan: add checks for data we don't print.

Make sure we don't run past the end of the captured data for fields we
skip in ERSPAN type III packets.

Add a test file.
This commit is contained in:
Guy Harris 2024-10-28 08:22:22 -07:00
parent fb3da61120
commit c2c2549677
4 changed files with 6 additions and 0 deletions

View File

@ -244,11 +244,13 @@ erspan_iii_print(netdissect_options *ndo, const u_char *bp, u_int len)
/* Skip timestamp */
ND_ICHECK_U(len, <, 4);
ND_TCHECK_LEN(bp, 4);
bp += 4;
len -= 4;
/* Skip SGT */
ND_ICHECK_U(len, <, 2);
ND_TCHECK_LEN(bp, 2);
bp += 2;
len -= 2;
@ -267,6 +269,7 @@ erspan_iii_print(netdissect_options *ndo, const u_char *bp, u_int len)
if (hdr2 & ERSPAN3_O_MASK) {
/* Yes. Skip it. */
ND_ICHECK_U(len, <, 8);
ND_TCHECK_LEN(bp, 8);
bp += 8;
len -= 8;
}

View File

@ -593,6 +593,7 @@ erspan-type-ii-2 erspan-type-ii-2.pcap erspan-type-ii-2.out -v
erspan-type-ii-3 erspan-type-ii-3.pcap erspan-type-ii-3.out -v
erspan-type-iii-ft-0 erspan-type-iii-ft-0.pcap erspan-type-iii-ft-0.out -v
erspan-type-iii-ft-7 erspan-type-iii-ft-7.pcap erspan-type-iii-ft-7.out -v
erspan-type-iii-pb-1 erspan-type-iii-pb-1.pcap erspan-type-iii-pb-1.out -v
# bad packets from Hanno Böck
# heap-overflow-1 is in non-bsd.tests

View File

@ -0,0 +1,2 @@
1 1972-02-16 17:25:18.554240 IP6 (class 0x30, flowlabel 0x00001, hlim 1, next-header unknown (60), payload length 288) 4120:7467:1700:4200:143:100:7f01:400e > 4591:bfd7:cd87:d7:68:38:101:e800: DSTOPT (padn)(pad1)(padn)(opt_type 0x40: len=1)(pad1)(opt_type 0x7f: len=0)(pad1)(pad1) GREv0, Flags [sequence# present, source routing present], seq 4280811777, length 272
erspan type3 session 0 bso Short cos 0 ft Ethernet [|erspan]

Binary file not shown.