Commit Graph

34 Commits

Author SHA1 Message Date
Guy Harris
0dad1934af Have ip{6}addr_string take a u_char * as the second argument.
Fix warnings that introduces.
2018-01-31 00:43:45 -08:00
Guy Harris
c499612a7f Add nd_{v}snprintf() routines/wrappers.
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid.  On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
2018-01-29 15:48:55 -08:00
Francois-Xavier Le Bail
944e93fa4c Remove function specifier 'inline' in printers
It was mostly used with large functions.

Moreover:
Put some function definition names at the beginning of line.
Fix a space.
2018-01-26 20:59:32 +01:00
Guy Harris
fb2479d733 Always include <config.h> rather than "config.h".
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options.  This way, we always pick up the
same config.h, in the build directory.
2018-01-21 12:27:28 -08:00
Francois-Xavier Le Bail
513f782ae1 Use quoted include netdissect-stdinc.h instead of angle-bracketed one 2018-01-21 10:28:15 +01:00
Guy Harris
64677b0d78 Clean up signed vs. unsigned. 2018-01-11 11:52:30 -08:00
Francois-Xavier Le Bail
e2982e7f6f Update ND_PRINT() as a variadic macro 2018-01-07 13:36:41 +01:00
Francois-Xavier Le Bail
84ef17ac0e Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)
ND_TTEST2(var, l)  -> ND_TTEST_LEN(p, l)
ND_TCHECK2(var, l) -> ND_TCHECK_LEN(p, l)
2017-12-11 22:11:01 +01:00
Francois-Xavier Le Bail
6bb65331a5 Use more the EXTRACT_U_1() macro (53/n)
Assignment, p[n], (more)
2017-12-10 11:40:35 +01:00
Francois-Xavier Le Bail
07ac438e08 Use more the EXTRACT_U_1() macro (52/n)
Assignment, p[n]
2017-12-09 14:05:25 +01:00
Francois-Xavier Le Bail
4166458a2a Use more the EXTRACT_U_1() macro (46/n)
In: if (... p[n] ...) ...
2017-12-03 21:51:36 +01:00
Francois-Xavier Le Bail
61c422a88c Use more the EXTRACT_U_1() macro (43/n)
In: if (... p[n] ...) ...
2017-12-03 13:35:26 +01:00
Francois-Xavier Le Bail
e83dfd9b16 Simplify some expressions
This will also help some future scripted code updates.
2017-12-02 20:52:22 +01:00
Francois-Xavier Le Bail
505cd1fe15 Use more the EXTRACT_U_1() macro (39/n)
In some macros and functions call, p[n]
2017-12-01 15:48:41 +01:00
Francois-Xavier Le Bail
1a90fd99d2 Use more the EXTRACT_U_1() macro (28/n)
In ND_PRINT() macro call(s) (step 7).

p[n] ...
2017-11-26 15:44:43 +01:00
Francois-Xavier Le Bail
575188b5bf Use pointer expressions like in most similar cases 2017-11-25 18:21:18 +01:00
Francois-Xavier Le Bail
3ecde94f0c Use more ND_TCHECK_n() macros 2017-11-24 20:44:53 +01:00
Francois-Xavier Le Bail
da20bc56d6 Rename EXTRACT_ macros
Now all the macros have a name meaning a count in bytes.

With _S_: signed, _U_: unsigned

e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4

and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8  -> EXTRACT_S_1
2017-11-22 23:54:09 +01:00
Francois-Xavier Le Bail
716e07e060 Use more the EXTRACT_8BITS() macro to fetch a one-byte value (12/n)
In ND_PRINT() macro calls.
2017-11-20 09:40:00 +01:00
Francois-Xavier Le Bail
577621026d Rename EXTRACT_nBITS() macros to EXTRACT_BE_nBITS()
It indicates clearly that these macros are used to extract big-endian
integral values.
2017-11-18 13:56:40 +01:00
Guy Harris
bfeb9275e7 Fix function definition to match declaration.
It's declared as static, so define it as static.
2017-09-20 21:09:34 -07:00
Denis Ovsienko
7dd7b7e187 HNCP: Declare some variables as uint8_t.
u_char and uint8_t are the same type, just use uint8_t for some variables
and leave some no-op type casting out.
2017-09-15 11:57:50 +01:00
Denis Ovsienko
17f0687292 HNCP: There is no bug, update the comments. 2017-09-13 20:46:47 +01:00
Denis Ovsienko
c2f6833ddd CVE-2017-13044/HNCP: add DHCPv4-Data bounds checks
dhcpv4_print() in print-hncp.c had the same bug as dhcpv6_print(), apply
a fix along the same lines.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Denis Ovsienko
39582c04cc CVE-2017-13042/HNCP: add DHCPv6-Data bounds checks
hncp_print_rec() validates each HNCP TLV to be within the declared as
well as the on-the-wire packet space. However, dhcpv6_print() in the same
file didn't do the same for the DHCPv6 options within the HNCP
DHCPv6-Data TLV value, which could cause an out-of-bounds read when
decoding an invalid packet. Add missing checks to dhcpv6_print().

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Denis Ovsienko
11fcafcf69 HNCP: refine snprintf() buffers sizing
This squelches a warning in format_256(), make a similar change to
format_nid() while at it.

$ gcc --version
gcc (GCC) 7.1.1 20170622 (Red Hat 7.1.1-3)

./print-hncp.c: In function ‘format_256’:
./print-hncp.c:175:26: warning: ‘%016lx’ directive output truncated writing 16 bytes into a region of size 12 [-Wformat-truncation=]
     snprintf(buf[i], 28, "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
                          ^~~~~~
./print-hncp.c:175:41: note: format string is defined here
     snprintf(buf[i], 28, "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
./print-hncp.c:175:26: note: using the range [0, 18446744073709551615] for directive argument
     snprintf(buf[i], 28, "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
                          ^~~~~~
./print-hncp.c:175:26: note: using the range [0, 18446744073709551615] for directive argument
./print-hncp.c:175:26: note: using the range [0, 18446744073709551615] for directive argument
./print-hncp.c:175:5: note: ‘snprintf’ output 65 bytes into a destination of size 28
     snprintf(buf[i], 28, "%016" PRIx64 "%016" PRIx64 "%016" PRIx64 "%016" PRIx64,
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          EXTRACT_64BITS(data),
          ~~~~~~~~~~~~~~~~~~~~~
          EXTRACT_64BITS(data + 8),
          ~~~~~~~~~~~~~~~~~~~~~~~~~
          EXTRACT_64BITS(data + 16),
          ~~~~~~~~~~~~~~~~~~~~~~~~~~
          EXTRACT_64BITS(data + 24)
          ~~~~~~~~~~~~~~~~~~~~~~~~~
     );
     ~
2017-07-20 21:04:56 +01:00
Guy Harris
06c4ca1ac2 Further IPv4-mapped IPv6 address cleanups.
Have a routine to check for those addresses, and use it in all cases.

Have a #define for the length of the fixed part of those addresses at
the beginning, and use it.

Fix a length check; Coverity noted that the check never failed, because
we were comparing the length of the prefix field in the packet with the
length of the IPv4 prefix, not the length of the IPv4 prefix plus the
fixed part at the beginning.
2016-10-30 11:15:40 -07:00
Guy Harris
fe01d2496c Fix handling of IPv4 prefixes.
Do *NOT* just use decode_prefix4(); it assumes that the data is in the
packet buffer, and does ND_TCHECK() on it, which is not guaranteed to
work if it's *not* in the packet buffer.  Instead, do something similar
to what decode_prefix4() does, but on an HNCP-style prefix.  Also, when
calling decode_prefix6(), pass it the actual size of the buffer we fill
in.

That buffer, BTW, does not need to be static, so it shouldn't be static.

Make sure we check *all* of the first 12 bytes of the prefix; just use
one memcmp call to check for 10 bytes of 0 followed by 2 bytes of 0xFF.

Don't use safeputs() on the formatted string for the prefix; it's
guaranteed 1) not to have any strange characters and 2) to be
null-terminated.

For invalid body lengths for a TLV, just report a error for that TLV,
but keep processing TLVs.

Handle "the prefix length is invalid" and "the prefix runs past the end
of the packet" differently.
2016-10-30 02:37:56 -07:00
Antonin Décimo
a9295dcb0c HNCP: fix incorrect time interval format 2016-09-02 14:18:31 +02:00
Francois-Xavier Le Bail
b38f324af9 Add a summary comment in all other printers
Moreover:
Remove some redundant comments
Update some summary comments
Update the specification URL for ATA over Ethernet (AoE) protocol
2016-08-15 22:42:38 +02:00
Francois-Xavier Le Bail
ad1b99d59a HNCP: Fix a warning on Solaris
The warning was:
"./print-hncp.c", line 367: warning: initializer will be sign-extended: -1
2016-08-10 15:41:20 +02:00
Guy Harris
79a0579b3a Squelch a warning.
time() is a standard C function; don't use time as the name of a
variable.
2016-08-02 12:59:47 -07:00
Guy Harris
174b3ec974 Use PRIx64 to print a 64-bit number in hex.
"lx" doesn't work on ILP32 or LLP64 platforms.
2016-07-29 13:00:48 -07:00
Jean-Raphaël GAGLIONE
75b7aeef9c Printer for HNCP (RFCs 7787 and 7788).
This is joint work with Antonin Décimo.
2016-07-28 21:09:41 +02:00