Remove a number of instances that do not match common patterns and have
the only substantial effect on the code flow that a truncated packet
triggers "goto trunc" instead of longjmp(). (In a few cases this change
can increase the number of fields printed before giving up.)
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which does the bounds check.
Remove unused 'trunc' labels and most associated codes.
Update the outputs of some tests accordingly.
Add an ND_BYTES_BETWEEN() macro that computes how many bytes are
present, starting at the second argument and running up to (but not
including) the first argument, and returns that as a u_int (cutting it
to 32 bits on LP64 and LLP64 platforms).
Use that, including using it as a replacement for SMB's PTR_DIFF().
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
The functions are: nd_print, nd_printztn, nd_printn and nd_printzp.
Trying to make it clearer that they currently have to be used only on part
of the packet buffer.
Update some comments.
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
At that point, result is a multiple of 10, so it can at most be
2147483640, i.e. (INT_MAX / 10)*10.
If it's less than that, you can add any value between 0 and 9 to it and
it won't overflow.
If it's *equal* to that, you can only add a value between 0 and 7
without overflowing, i.e. the maximum is INT_MAX % 10.
Addresses Coverity CID 1400557.
Before we break out of the loop, we've already checked for those
conditions. No need to check for them again.
This fixes Coverity CIDs 1400553 and 1400554.
Make sure that it always sets *endp before returning and that, for
invalid lengths where we don't like a character in the length string,
what it sets *endp to is past the character in question, so we don't
run the risk of infinitely looping (or doing something else random) if a
character in the length is invalid.
This fixes an infinite loop discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
Don't call strtol() on the contents of a packet; there is *no* guarantee
that it won't run past the end of the buffer, as the buffer isn't a
null-terminated string. Instead, have our own routine to parse ASCII
numbers (based on the FreeBSD strtol()), which uses ND_TCHECK() and
checks against the on-the-wire length to ensure it doesn't go past the
end of the packet or the end of the captured data. Have it check for
other errors as well, such as checking for negative lengths that aren't
-1.
Clean up other aspects of the packet parsing. Have them check the
on-the-wire length as well as the captured length.
Update the results of the resp_3 test.
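
An added example, not part of the tcpdump source or of the commit messages above: a bounds-checked ASCII length parser of the kind those messages describe, combining an explicit buffer limit in place of strtol(), the INT_MAX / 10 overflow test, and the rule that *endp ends up past an invalid character. The function name `parse_len`, the error codes and the sample bytes are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical error codes for this example (not tcpdump's). */
#define LEN_INVALID   (-2)  /* bad character, or a negative other than -1 */
#define LEN_TOO_LARGE (-3)  /* value would overflow int */
#define LEN_TRUNCATED (-4)  /* ran out of bytes before CRLF */

/*
 * Parse "<digits>\r\n" from buf[0..avail) without assuming a NUL.
 * *endp is always set; on a bad character it points past that
 * character, so a caller looping on *endp always makes progress.
 */
static int
parse_len(const unsigned char *buf, size_t avail, const unsigned char **endp)
{
    const unsigned char *p = buf, *end = buf + avail;
    int result = 0, neg = 0, ndigits = 0;

    if (p < end && *p == '-') { neg = 1; p++; }
    for (;;) {
        if (p == end) { *endp = p; return LEN_TRUNCATED; }
        if (*p == '\r') {
            if (end - p < 2) { *endp = end; return LEN_TRUNCATED; }
            p += 2;
            if (p[-1] != '\n') { *endp = p; return LEN_INVALID; }
            break;
        }
        int d = *p++ - '0';
        if (d < 0 || d > 9) { *endp = p; return LEN_INVALID; }
        if (result > INT_MAX / 10) { *endp = p; return LEN_TOO_LARGE; }
        result *= 10;  /* now a multiple of 10, at most (INT_MAX / 10) * 10 */
        if (result == (INT_MAX / 10) * 10 && d > INT_MAX % 10) {
            *endp = p; return LEN_TOO_LARGE;
        }
        result += d;
        ndigits++;
    }
    *endp = p;
    if (ndigits == 0) return LEN_INVALID;
    if (neg) return result == 1 ? -1 : LEN_INVALID;
    return result;
}

int main(void)
{
    /* Constructed sample: length line with no NUL terminator after it. */
    static const unsigned char pkt[] = { '1', '2', '\r', '\n' };
    const unsigned char *e;
    return parse_len(pkt, sizeof pkt, &e) == 12 ? 0 : 1;
}
```
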
This commit adds support for RESP as defined in: http://redis.io/topics/protocol.
It also supports inline commands and pipelining. Due to the popularity of RESP,
numerous services are emerging that use this protocol. You may decode RESP packets
on arbitrary ports using the "-T resp" option.
Example captures can be found in tests/resp_*.
A simple way to test this parser is to start redis-server and then run
redis-cli commands such as "redis-cli set key value".
Traditionally, redis-cli monitor is used to debug redis. Unfortunately,
the "monitor" command can cause significant load on a redis-server in
production. This parser may be used as a non-invasive alternative to
redis-cli monitor.