Check to make sure we don't go past the length value in the header.
Note that the string in an Identity message is optional (so we just
don't bother printing it if it's zero-length), but the string in a
notification message isn't (so report an error if it's zero-length).
In some cases, EAP fragmentation/reassembly is done at a layer above
EAP, e.g. when EAP messages are contained within a RADIUS message and
are broken up into multiple TLVs in the message. In those cases, the
length handed to eap_print() will be different from the length in the
first fragment's header, and the remaining fragments won't *have* a
header, so the "length" will be garbage and thus unlikely to be equal to
the length handed to us.
The errors were like:
print-eap.c:179:25: runtime error: unsigned integer overflow:
2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:181:50: runtime error: unsigned integer overflow:
2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:186:25: runtime error: unsigned integer overflow:
2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:188:50: runtime error: unsigned integer overflow:
2 - 5 cannot be represented in type 'unsigned int'
ND_TCHECK_n(e).
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which do the bounds check.
Remove unused 'trunc' label(s) and most associated code(s).
Remove a number of instances that do not match common patterns and have
the only substantial effect on the code flow that a truncated packet
triggers "goto trunc" instead of longjmp(). (In a few cases this change
can increase the number of fields printed before giving up.)
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which do the bounds check.
Remove unused 'trunc' labels and most associated codes.
Update the outputs of some tests accordingly.
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
Code value 0 is not assigned, and the code block guarded by the if() is
specific to Request (1) and Response (2) only. This change prevents the
printer from decoding some invalid EAP messages as if they were valid.
[skip ci]
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
with the tag '\summary:' for greping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.