Use EXTRACT_U_1() as required by those changes. Remove
no-longer-necessary & operators from other EXTRACT_ calls.
While we're at it, add MAC_ADDR_LEN to netdissect.h, and use it instead
of ETHER_ADDR_LEN; eliminate ETHER_ADDR_LEN.
Move the maximum Ethernet length field value to ethertype.h, under the
name MAX_ETHERNET_LENGTH_VAL.
Move the Ethernet header structure, and the #define for the Ethernet
header length, to print-ether.c; in non-Ethernet dissectors that were
using the Ethernet header structure, just declare two nd_mac_addr
variables for the source and destination MAC addresses and use them
instead of the Ethernet header (we don't need the type field there).
These changes leave nothing in ether.h, so eliminate it.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
Some time between the mid 1980's and 1990 called; they want their
old-fashioned UNIX signal handling back. ANSI C has had signal handlers
returning void since, well, 1989, and POSIX has had sigaction() since
close to forever. No need to worry about really old UN*Xes here.
On Windows, it's also void (as per ANSI C); use signal().
No need for a 17th null terminator.
This might, or might not, give Coverity a clue that
u_char *p;
hex[*p >> 4]
hex[*p & 0xf]
are both safe, no matter how "tainted" p is, because if you shift an
8-bit unsigned value right 4 bits, the result is between 0 and 15. (See
CID 1206732.)
1) Take the length of the NSAP into account. Otherwise, if, in our
search of the hash table, we come across a byte string that's shorter
than the string we're looking for, we'll search past the end of the
string in the hash table.
2) The first byte of the byte string in the table is the length of the
NSAP, with the byte *after* that being the first byte of the NSAP, but
the first byte of the byte string passed into lookup_nsap() is the first
byte of the NSAP, with the length passed in as a separate argument. Do
the comparison correctly.
This fixes a vulnerability discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).
While we're at it, clean up the fix to lookup_bytestring():
1) Get rid of an unused structure member and an unused #define.
2) Get rid of an incorrect "+ 1" when calculating the size of the byte
array to allocate - that was left over from the NSAP table, where the
length was guaranteed to fit in 1 byte and we used the first byte of the
array to hold the length of the rest of the array.
Otherwise, if, in our search of the hash table, we come across a byte
string that's shorter than the string we're looking for, we'll search
past the end of the string in the hash table.
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
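The length-aware table lookup that the lookup_nsap() and lookup_bytestring() messages above describe, as an added example; it is not tcpdump's code. The names lookup_bytes, struct bs_entry and NBUCKETS are hypothetical, and the hash is deliberately weak so that a short string and a longer one sharing its prefix land in the same chain.

```c
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 64

/* Hypothetical entry: the bytes are stored with their own length. */
struct bs_entry {
    struct bs_entry *next;
    unsigned int nlen;     /* number of valid bytes at bs */
    unsigned char *bs;     /* the bytes themselves, no length prefix */
};

static struct bs_entry *buckets[NBUCKETS];

/*
 * Return the entry for bs[0..nlen), creating it if absent (NULL on OOM).
 * Checking the stored length first keeps memcmp() from reading nlen bytes
 * out of a stored string shorter than the one being looked up.
 */
struct bs_entry *lookup_bytes(const unsigned char *bs, unsigned int nlen)
{
    /* Weak hash on the first byte only, so strings sharing a prefix collide. */
    struct bs_entry **pp = &buckets[nlen ? bs[0] % NBUCKETS : 0];
    struct bs_entry *e;

    for (; (e = *pp) != NULL; pp = &e->next)
        if (e->nlen == nlen && (nlen == 0 || memcmp(e->bs, bs, nlen) == 0))
            return e;
    if ((e = calloc(1, sizeof(*e))) == NULL)
        return NULL;
    /* Size the copy from nlen alone (1 byte minimum so malloc(0) is avoided). */
    if ((e->bs = malloc(nlen ? nlen : 1)) == NULL) {
        free(e);
        return NULL;
    }
    if (nlen)
        memcpy(e->bs, bs, nlen);
    e->nlen = nlen;
    *pp = e;               /* append at the tail of the bucket chain */
    return e;
}

int main(void)
{
    /* Constructed sample: a 2-byte string that is a prefix of a 4-byte one. */
    static const unsigned char s[] = { 0x47, 0x00 }, l[] = { 0x47, 0x00, 0x05, 0x80 };
    return lookup_bytes(s, sizeof s) == lookup_bytes(l, sizeof l);
}
```

Without the e->nlen == nlen test, the 4-byte lookup would memcmp() four bytes against the 2-byte allocation, which is the over-read the messages describe.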
The patch allows tcpdump to run sandboxed and still do name resolution.
The code is obtained from FreeBSD tree, where it was developed by
Pawel Jakub Dawidek <pjd@FreeBSD.org>
Mariusz Zaborski <oshogbo@FreeBSD.org>
Change cddcb5632d changed isonsap_string()
to take, as arguments, a pointer to the first octet of an NSAP and the
length of the NSAP, rather than a pointer to a string of octets the
first octet of which is the NSAP length and the subsequent octets are
the octets of the NSAP.
However, lookup_nsap() was not changed in a similar fashion, and
isonsap_string() handed it a pointer to the first octet of the NSAP,
which lookup_nsap() treated as the NSAP length.
This should fix GitHub issue #563.
Don't use a hack to get the table from libpcap; have our own table.
That cleans up the hack, and lets us add stuff to our table without
having to worry about libpcap.
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do. It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).
Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
We stopped doing setjmp/longjmp a while ago (it could cause issues on
multiple platforms), so we don't need to make pointer variables static
in the lookup routines.
We have a choice between "your OS's header files suck" warnings on HP-UX
and -Wcast-qual warnings on all platforms. I vote for the former, as
the latter let us find cases where we're casting constness away, and we
really don't want to cast constness away if we can possibly avoid it.
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
Remove the TTEST{2}/TCHECK{2} macros. Rename all "ndo_printer" routines,
structures, and structure members to just "printer", and get rid of the
old routines/structures/structure members with those names.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
This lets us get rid of bitypes.h as well.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.
Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
Unfortunately, the DLT_PFSYNC support depends on header files included
from the pfctl command's source tree, and trying to arrange to find that
would be too much trouble.
From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
which in turn was ported over from OpenBSD. We already have CARP
support, so we did not port that part over.