Enable ND_LONGJMP_FROM_TCHECK. Report invalid packets as invalid. Have
nd_printn() and nd_printztn() guard the snapshot end. Replace
client_fqdn_flags() with bittok2str_nosep().
ND_TCHECK_4(e).
They are redundant because they are followed by a GET_IPADDR_STRING(e)
call, same e, which do the bounds check.
Remove unused 'trunc' labels and associated codes.
Update the output of a test accordingly.
Remove a number of instances that do not match common patterns and have
the only substantial effect on the code flow that a truncated packet
triggers "goto trunc" instead of longjmp(). (In a few cases this change
can increase the number of fields printed before giving up.)
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which do the bounds check.
Remove unused 'trunc' labels and most associated codes.
Update the outputs of some tests accordingly.
rfc1048_print() used to print DHCP options in a few different formats
depending on the context (see GH issue #866):
* at the top of an RFC 1048 block:
* known options: [string] name and [decimal] tag
* unknown options: tag twice
* inside a Parameter Request (55) block:
* known options: name
* unknown options: tag
Change it to use the "Name (tag)" format (as in TCP, BGP, etc) in all
contexts. Update output for 8 tests.
Commit e89bfcd in December 2000 among other things had introduced
the following code points from the IANA "BOOTP Vendor Extensions and
DHCP Options" registry:
* TAG_AGENT_MASK (84)
* TAG_6OVER4 (96)
* TAG_IPX_COMPAT (110)
* TAG_FAILOVER (115)
* TAG_EXTENDED_REQUEST (126)
* TAG_EXTENDED_OPTION (127)
The current revision of the registry lists every code above as
"Removed/Unassigned" with a reference to RFC 3679 published in January
2004. Remove the code points and any associated code.
The first nibble of the option 81 flags field must be zero.
The current flags are in the second nibble.
From RFC 4702:
2.1. The Flags Field
The format of the 1-octet Flags field is:
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
| MBZ |N|E|O|S|
+-+-+-+-+-+-+-+-+
[...]
The remaining bits in the Flags field are reserved for future
assignment. DHCP clients and servers that send the Client FQDN
option MUST clear the MBZ bits, and they MUST ignore these bits.
Replace more calls to ipaddr_string()/ip6addr_string() with calls to
GET_IPADDR_STRING()/GET_IP6ADDR_STRING() macros performing bounds
checking.
Add similar bounds-checking inline functions and macros to wrap
linkaddr_string(), etheraddr_string(), and isonsap_string() and convert
calls to them to use the macros as well.
Shuffle the inline functions in addrtoname.h around a bit, so that the
inline functions, external declarations, and macros are all in the same
order.
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
nd_printztn() returns 0 if the string is truncated; check for it
returning zero, not for returning a non-zero value.
This fix was supplied in GitHub issue #685.
The functions are: nd_print, nd_printztn, nd_printn and nd_printzp.
Trying to make it clearer that they currently have to be used only on part
of the packet buffer.
Update some comments.
Structures that describe packet formats now all use nd_ types, none of
which require more than 1-byte alignment, so compilers shouldn't assume
that anything in those structures is aligned on any particular boundary,
even without a "this is unaligned" hint.
This ensures that we have no purportedly-aligned-but-not-necessarily-
unaligned values that we access; we have to use EXTRACT_ macros/functions
to get at IPv4 address values.
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.
Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
This avoid some Coccinelle warnings:
CPP-DEFINE: inside function, I treat it as comment
CPP-UNDEF: inside function, I treat it as comment
This also makes the code a bit clearer.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't cause 'tcpdump: pcap_loop: truncated dump file'
It can't be told to stop at the end of the packet data. Add a
fn_printztn() that prints null-terminated strings, with a length check,
and which returns the number of bytes processed, or 0 if we ran out of
data. That means it does the scanning we need, but safely.
Use it in the TFTP and BOOTP printers.
Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
with the tag '\summary:' for greping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
