mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-27 12:03:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

RIP: Add some bounds checks

Browse Source
This commit is contained in:
Francois-Xavier Le Bail 2018-06-20 09:09:14 +02:00
parent 3f1c4af001
commit f112cfa823
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
print-rip.c
View File

@ -189,6 +189,7 @@ rip_entry_print_v1(netdissect_options *ndo, const u_char *p,
/* RFC 1058 */ /* RFC 1058 */
if (remaining < RIP_ROUTELEN) if (remaining < RIP_ROUTELEN)
return (0); return (0);
ND_TCHECK_SIZE(ni);
family = EXTRACT_BE_U_2(ni->rip_family); family = EXTRACT_BE_U_2(ni->rip_family);
if (family != BSD_AFNUM_INET && family != 0) { if (family != BSD_AFNUM_INET && family != 0) {
ND_PRINT("\n\t AFI %s, ", tok2str(bsd_af_values, "Unknown (%u)", family)); ND_PRINT("\n\t AFI %s, ", tok2str(bsd_af_values, "Unknown (%u)", family));
@ -212,6 +213,8 @@ rip_entry_print_v1(netdissect_options *ndo, const u_char *p,
ipaddr_string(ndo, ni->rip_dest), ipaddr_string(ndo, ni->rip_dest),
EXTRACT_BE_U_4(ni->rip_metric)); EXTRACT_BE_U_4(ni->rip_metric));
return (RIP_ROUTELEN); return (RIP_ROUTELEN);
trunc:
return 0;
} }
static unsigned static unsigned
@ -224,6 +227,7 @@ rip_entry_print_v2(netdissect_options *ndo, const u_char *p,
if (remaining < sizeof(*eh)) if (remaining < sizeof(*eh))
return (0); return (0);
ND_TCHECK_SIZE(eh);
family = EXTRACT_BE_U_2(eh->rip_family); family = EXTRACT_BE_U_2(eh->rip_family);
if (family == 0xFFFF) { /* variable-sized authentication structures */ if (family == 0xFFFF) { /* variable-sized authentication structures */
uint16_t auth_type = EXTRACT_BE_U_2(eh->rip_tag); uint16_t auth_type = EXTRACT_BE_U_2(eh->rip_tag);
@ -238,6 +242,7 @@ rip_entry_print_v2(netdissect_options *ndo, const u_char *p,
const struct rip_auth_crypto_v2 *ch; const struct rip_auth_crypto_v2 *ch;
ch = (const struct rip_auth_crypto_v2 *)p; ch = (const struct rip_auth_crypto_v2 *)p;
ND_TCHECK_SIZE(ch);
if (remaining < sizeof(*ch)) if (remaining < sizeof(*ch))
return (0); return (0);
ND_PRINT("\n\t Auth header:"); ND_PRINT("\n\t Auth header:");
@ -262,6 +267,7 @@ rip_entry_print_v2(netdissect_options *ndo, const u_char *p,
print_unknown_data(ndo, p + sizeof(*eh), "\n\t ", RIP_ROUTELEN - sizeof(*eh)); print_unknown_data(ndo, p + sizeof(*eh), "\n\t ", RIP_ROUTELEN - sizeof(*eh));
} else { /* BSD_AFNUM_INET or AFI 0 */ } else { /* BSD_AFNUM_INET or AFI 0 */
ni = (const struct rip_netinfo_v2 *)p; ni = (const struct rip_netinfo_v2 *)p;
ND_TCHECK_SIZE(ni);
if (remaining < sizeof(*ni)) if (remaining < sizeof(*ni))
return (0); return (0);
ND_PRINT("\n\t AFI %s, %15s/%-2d, tag 0x%04x, metric: %u, next-hop: ", ND_PRINT("\n\t AFI %s, %15s/%-2d, tag 0x%04x, metric: %u, next-hop: ",
@ -276,6 +282,8 @@ rip_entry_print_v2(netdissect_options *ndo, const u_char *p,
ND_PRINT("self"); ND_PRINT("self");
} }
return (RIP_ROUTELEN); return (RIP_ROUTELEN);
trunc:
return 0;
} }
void void
@ -304,6 +312,7 @@ rip_print(netdissect_options *ndo,
rp = (const struct rip *)dat; rp = (const struct rip *)dat;
ND_TCHECK_SIZE(rp);
vers = EXTRACT_U_1(rp->rip_vers); vers = EXTRACT_U_1(rp->rip_vers);
ND_PRINT("%sRIPv%u", ND_PRINT("%sRIPv%u",
(ndo->ndo_vflag >= 1) ? "\n\t" : "", (ndo->ndo_vflag >= 1) ? "\n\t" : "",
@ -403,4 +412,6 @@ rip_print(netdissect_options *ndo,
if (!print_unknown_data(ndo, (const uint8_t *)rp, "\n\t", length)) if (!print_unknown_data(ndo, (const uint8_t *)rp, "\n\t", length))
return; return;
} }
trunc:
return;
} }