Builds using Autotools or CMake generate config.h, thus remove the
'#ifdef HAVE_CONFIG_H'/'#endif'.
Remove also the 'add_definitions(-DHAVE_CONFIG_H)' in CMakeLists.txt.
The specification says nothing about using a Unix timestamp.
Do only a hex dump.
Add a length test.
FRF.16.1 Section 3.4.4 Timestamp Information Element states:
The maximum length is 14 octets. Format is implementation specific.
Granularity and interpretation of the Timestamp Information Element is
implementation specific.
(https://www.broadband-forum.org/download/FRF.16.1.pdf)
Remove a number of instances that do not match common patterns and have
the only substantial effect on the code flow that a truncated packet
triggers "goto trunc" instead of longjmp(). (In a few cases this change
can increase the number of fields printed before giving up.)
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which does the bounds check.
Remove unused 'trunc' labels and most associated codes.
Update the outputs of some tests accordingly.
The specification says in a well-formed Magic Number Information Element
the data is exactly 4 bytes long. This gives a more accurate output.
Update the output of a test accordingly.
Partial update from aa3e54f594
in 4.9 branch.
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations. Make the configuration
process fail if we don't have snprintf() and vsnprintf().
We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400. Make the build fail if we don't have at least VS 2015.
We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't mention plain old "inline". Update a comment.
Add a ND_BYTES_AVAILABLE_AFTER() macro to find the number of bytes
available in the captured data, starting at the byte pointed to by the
argument. It returns a u_int rather than a ptrdiff_t, so it'll be
32 bits on LP64 and LLP64 platforms as well as on ILP32 platforms. Use
that macro.
Make size-of-buffer arguments size_t.
Cast some size_t and ptrdiff_t values to u_int or int.
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid. On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
This fixes a buffer over-read discovered by Kamil Frankowicz.
Don't pass the remaining caplen - that's too hard to get right, and we
were getting it wrong in at least one case; just use ND_TTEST().
Add a test using the capture file supplied by the reporter(s).
The source code comment explains it should fall through, but GCC does not
pick it up; that's what the new macro is for.
./print-fr.c: In function ‘mfr_print’:
./print-fr.c:510:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
if (ie_len == sizeof(struct timeval)) {
^
./print-fr.c:521:13: note: here
case MFR_CTRL_IE_VENDOR_EXT:
^~~~
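As an added example (not tcpdump's own macro or print-fr.c code), the shape of the fix the message above describes: a fall-through marker that expands to the compiler attribute where it exists and to a no-op elsewhere, used in a small IE dispatcher where the timestamp case validates the length and then deliberately continues into the generic hex-dump case. EXAMPLE_FALL_THROUGH, handle_ie(), the IE_* codes and the STEP_* flags are this example's own names; the page's MFR_CTRL_IE_* values are not used.

```c
#include <stdio.h>

/* Added example, not tcpdump's code. Portable marker for an intentional
 * switch-case fall-through so -Wimplicit-fallthrough stays quiet. */
#if defined(__has_attribute)
#  if __has_attribute(fallthrough)
#    define EXAMPLE_FALL_THROUGH __attribute__((fallthrough))
#  endif
#endif
#ifndef EXAMPLE_FALL_THROUGH
#  if defined(__GNUC__) && __GNUC__ >= 7
#    define EXAMPLE_FALL_THROUGH __attribute__((fallthrough))
#  else
#    define EXAMPLE_FALL_THROUGH do { } while (0)  /* no attribute available */
#  endif
#endif

/* Constructed IE type codes for this example. */
enum { IE_TIMESTAMP = 1, IE_VENDOR_EXT = 2 };

/* Bit flags reporting which steps handle_ie() took, so a caller (or a
 * test) can observe that the timestamp case really continues into the
 * hex-dump case instead of stopping at its own length check. */
#define STEP_LEN_CHECKED 1
#define STEP_HEX_DUMPED  2
#define STEP_UNKNOWN     4
#define STEP_BAD_LEN     8

int handle_ie(int ie_type, unsigned ie_len)
{
    int steps = 0;

    switch (ie_type) {
    case IE_TIMESTAMP:
        /* FRF.16.1 3.4.4: at most 14 octets, format implementation
         * specific, so only the length is validated; the content is
         * dumped like any other opaque IE. */
        if (ie_len > 14)
            return STEP_BAD_LEN;
        steps |= STEP_LEN_CHECKED;
        EXAMPLE_FALL_THROUGH;   /* intentional: dump it below */
    case IE_VENDOR_EXT:
        steps |= STEP_HEX_DUMPED;   /* a real printer would hex-dump here */
        break;
    default:
        steps |= STEP_UNKNOWN;
        break;
    }
    return steps;
}

int main(void)
{
    printf("timestamp, 4 octets  -> steps %d\n", handle_ie(IE_TIMESTAMP, 4));
    printf("timestamp, 20 octets -> steps %d\n", handle_ie(IE_TIMESTAMP, 20));
    printf("vendor ext, 4 octets -> steps %d\n", handle_ie(IE_VENDOR_EXT, 4));
    return 0;
}
```

Because the marker is a statement placed immediately before the next case label, the attribute form is exactly what GCC 7+ and clang look for, while the no-op form keeps the code compiling unchanged on compilers that lack the attribute.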
Brian Carpenter had found that regardless of CVE-2016-8575 q933_print()
still could overread the buffer trying to parse a short packet. This
change fixes the problem.
In ethertype_print(), isoclns_print() and snap_print() adjust the length
arithmetics along the same lines as for ether_print() in the previous
commit. Where done, the current pointer is not greater than snapend so
that the difference (i.e. caplen) is never negative.
This does not fix a reported issue but the problem was very likely to be
there.
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.
Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.
Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
Check the packet length and the snapshot length as we parse the packet.
Extract each field as we go.
Support arbitrary call reference lengths, 0 to 15 octets.
Handle single-octet IEs correctly - don't look for a length.
Handle both locking and non-locking shifts correctly. Don't assume that
the first octet after the message type is a shift and contains a
codeset. We were doing that, meaning that we tended to think codeset 1
was being used (by misparsing an IE with a code of 0x51 as a shift to
codeset 1) when it wasn't - codeset 0 was being used; correctly handle
codeset 0.