Commit Graph

122 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
a2bbbe3888 NFS: Fix the format for printing an unsigned int 2022-10-10 09:41:59 +02:00
Francois-Xavier Le Bail
80f4fbf961 NFS: Rename a printer
Rename print_nfsaddr() to nfsaddr_print, with _print suffix
like in most similar cases.
2022-05-22 15:38:27 +02:00
Francois-Xavier Le Bail
21b12733b6 Remove 15 now redundant ND_TCHECK_n() calls
ND_TCHECK_n(e).

They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which does the bounds check.

Remove unused 'trunc' label(s) and most associated code(s).
2020-09-10 14:06:40 +02:00
Denis Ovsienko
51e180c4fb Remove 96 assorted ND_TCHECK calls.
Remove a number of instances that do not match common patterns and have
the only substantial effect on the code flow that a truncated packet
triggers "goto trunc" instead of longjmp(). (In a few cases this change
can increase the number of fields printed before giving up.)
2020-09-08 05:04:58 +01:00
Francois-Xavier Le Bail
abc8c2d61c Remove many (762) now redundant ND_TCHECK_n() calls
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.

They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which does the bounds check.

Remove unused 'trunc' labels and most associated codes.

Update the outputs of some tests accordingly.
2020-09-06 20:22:29 +02:00
Guy Harris
306c2a0384 More bounds checking when fetching addresses and converting to strings.
Replace more calls to ipaddr_string()/ip6addr_string() with calls to
GET_IPADDR_STRING()/GET_IP6ADDR_STRING() macros performing bounds
checking.

Add similar bounds-checking inline functions and macros to wrap
linkaddr_string(), etheraddr_string(), and isonsap_string() and convert
calls to them to use the macros as well.

Shuffle the inline functions in addrtoname.h around a bit, so that the
inline functions, external declarations, and macros are all in the same
order.
2020-01-19 19:55:38 -08:00
Guy Harris
866358cc52 Clean up rounding up.
Have roundup2() cast the power-of-2 argument to u_int; that way, you
don't have to explicitly define it as an unsigned value in order to
avoid compiler or UBSan complaints about signed integers.

Use it instead of rolling our own rounding-to-a-power-of-2.
2019-11-10 20:51:48 -08:00
Guy Harris
1ed63b5d06 Remove more old-compiler compensation.
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations.  Make the configuration
process fail if we don't have snprintf() and vsnprintf().

We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400.  Make the build fail if we don't have at least VS 2015.

We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't mention plain old "inline".  Update a comment.
2019-08-08 23:21:35 -07:00
Francois-Xavier Le Bail
0c9cfdcb0d Use nd_ipv6 rather than struct in6_addr 2019-06-10 15:32:20 +02:00
Francois-Xavier Le Bail
ee68aa3646 Use the new GET_ macros instead of the EXTRACT_ ones
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
2019-03-26 21:06:24 +01:00
Francois-Xavier Le Bail
1af20c3adc Add the ndo parameter to some functions
This parameter will be needed at the next step.
2019-03-26 21:06:23 +01:00
Francois-Xavier Le Bail
ff10db64d6 NFS: Fix an undefined behavior at runtime
The error was:
print-nfs.c:537:2: runtime error: unsigned integer overflow:
4294967295 + 3 cannot be represented in type 'unsigned int'
print-nfs.c:541:14: runtime error: unsigned integer overflow:
4294967295 + 3 cannot be represented in type 'unsigned int'

Add a test case.
2019-03-17 21:37:01 +01:00
Guy Harris
3eec801c5a Reorganize the dissection code a bit.
Get rid of the global nfserr variable and, instead, have it be local to
interp_reply().  That means one less global variable, which may be good
if any multi-threaded program tries to use libnetdissect in more than
one thread (there are still global variables that would have to be
removed), and gets rid of some cases where we didn't need to set it.

Don't bundle multiple operations inside an if clause.  This squelches
some warnings from MSVC, and makes the code a bit more uniform and a bit
easier to understand (and, in the process of doing that, found a bug
that was fixed in 596aca3d93).
2018-09-18 00:07:24 -07:00
Guy Harris
596aca3d93 Fix dissection of NFSv3 WRITE and LINK replies.
Don't report them all as truncated if -v isn't specified.
2018-09-16 08:33:38 -07:00
Viral Mehta
955e4a763b print verifier cookie for write and commit operation 2018-09-05 10:55:08 +01:00
Guy Harris
19671cc62f Use nd_uint types for structures used to overlay packets. 2018-06-22 17:19:18 -07:00
Guy Harris
279bd14fc5 Clean up processing of RPC request header.
Don't just blast through it and do a single check at the end to make
sure we didn't run past the end of the packet; check for the
fixed-length part of the credentials, then check for the variable-length
part of the credentials, and then do the same two steps for the
verifier.

Fix the checks against the on-the-network length while we're at it.
2018-06-22 15:28:10 -07:00
Francois-Xavier Le Bail
ba8936b39b Print truncations with nd_print_trunc() instead of tstr[] strings
Remove the tstr[] strings.
Update the output of some tests accordingly.

Moreover:
Add or update some ndo_protocol fields.
2018-05-04 13:47:49 +02:00
Francois-Xavier Le Bail
3e3e6d2ef4 Rename the fn_printX() functions to nd_printX()
The functions are: nd_print, nd_printztn, nd_printn and nd_printzp.
Trying to make it clearer that they currently have to be used only on part
of the packet buffer.
Update some comments.
2018-04-30 13:35:06 +02:00
Francois-Xavier Le Bail
546558eabd Add the ndo_protocol field in the netdissect_options structure
Update this field in printer entry functions.
It will be used for some printings.
2018-03-16 19:44:47 +01:00
Francois-Xavier Le Bail
0ee15606e2 Remove unneeded '&' when getting a pointer to a nd_ipv6 type 2018-01-31 16:43:50 +01:00
Francois-Xavier Le Bail
5922b80797 Remove unneeded '&' when getting a pointer to a nd_ipv4 type 2018-01-31 16:43:50 +01:00
Guy Harris
0dad1934af Have ip{6}addr_string take a u_char * as the second argument.
Fix warnings that introduces.
2018-01-31 00:43:45 -08:00
Guy Harris
c499612a7f Add nd_{v}snprintf() routines/wrappers.
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid.  On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
2018-01-29 15:48:55 -08:00
Francois-Xavier Le Bail
aa023de590 NFS: Use more ND_TCHECK_n() macros 2018-01-24 11:09:25 +01:00
Francois-Xavier Le Bail
6e15ad4b99 Use more ND_TCHECK_n() macros 2018-01-22 21:51:29 +01:00
Guy Harris
fb2479d733 Always include <config.h> rather than "config.h".
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options.  This way, we always pick up the
same config.h, in the build directory.
2018-01-21 12:27:28 -08:00
Francois-Xavier Le Bail
224629731a NFS: Use more ND_TTEST_n() macros 2018-01-21 19:44:42 +01:00
Francois-Xavier Le Bail
513f782ae1 Use quoted include netdissect-stdinc.h instead of angle-bracketed one 2018-01-21 10:28:15 +01:00
Francois-Xavier Le Bail
f252fd6aea Remove unneeded '&' when getting a pointer to an nd_uintN_t type 2018-01-11 23:06:48 +01:00
Guy Harris
64677b0d78 Clean up signed vs. unsigned. 2018-01-11 11:52:30 -08:00
Francois-Xavier Le Bail
e2982e7f6f Update ND_PRINT() as a variadic macro 2018-01-07 13:36:41 +01:00
Francois-Xavier Le Bail
d526e47658 Use ND_TTEST_SIZE()/ND_TCHECK_SIZE() macros (1/n) 2018-01-03 21:32:07 +01:00
Francois-Xavier Le Bail
8b89eb8f6b NFS: Use more the ND_TCHECK_4() macro 2017-12-24 13:21:21 +01:00
Guy Harris
811063b60d Add comments explaining why using EXTRACT_BE_U_4() isn't wrong.
When showing a readdir verifier, using big-endian means that it shows
the verifier as a string of 16 octet values, from the first to the last,
which makes sense, and which means that the way we display it is
independent of the byte order of the host running tcpdump, which is a
Good Thing.

When showing a file handle, the same applies, although one could make a
case for not separating the 4-octet words with colons, and just showing
it as a sequence of octets.
2017-12-17 22:53:56 -08:00
Francois-Xavier Le Bail
9113e560eb NFS: Use more the EXTRACT_BE_U_4 macro 2017-12-17 09:30:00 +01:00
Guy Harris
e18798ad05 Use EXTRACT_BE_U_4() to fetch a 4-byte big-endian value from a packet. 2017-12-16 00:34:12 -08:00
Francois-Xavier Le Bail
5cea270318 Remove all storage class specifier 'register'
Let the compiler do the optimizations (or not) based on build options.

Avoid 'value has been optimized out' messages in gdb using '-O0'.
2017-12-13 19:17:47 +01:00
Francois-Xavier Le Bail
84ef17ac0e Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)
ND_TTEST2(var, l)  -> ND_TTEST_LEN(p, l)
ND_TCHECK2(var, l) -> ND_TCHECK_LEN(p, l)
2017-12-11 22:11:01 +01:00
Francois-Xavier Le Bail
da20bc56d6 Rename EXTRACT_ macros
Now all the macros have a name meaning a count in bytes.

With _S_: signed, _U_: unsigned

e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4

and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8  -> EXTRACT_S_1
2017-11-22 23:54:09 +01:00
Francois-Xavier Le Bail
93bee24026 Use pointer expressions like in most similar cases 2017-11-20 22:58:59 +01:00
Francois-Xavier Le Bail
577621026d Rename EXTRACT_nBITS() macros to EXTRACT_BE_nBITS()
It indicates clearly that these macros are used to extract big-endian
integral values.
2017-11-18 13:56:40 +01:00
Francois-Xavier Le Bail
6151e2190b NFS: Rename two printer functions
Their names must end with '_print'
2017-11-16 13:59:17 +01:00
Guy Harris
9aa08721e7 NFS: Check for all relevant RPC call body fields at the beginning.
If we don't have the procedure number, we'll give up eventually; might
as well give up before we do any work that'll be thrown away.
2017-09-13 12:25:44 +01:00
Francois-Xavier Le Bail
b45a9a167c CVE-2017-13005/NFS: Add two bounds checks before fetching data
This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Guy Harris
7a923447fd CVE-2017-13001/NFS: Don't copy more data than is in the file handle.
Also, put the buffer on the stack; no reason to make it static.  (65
bytes isn't a lot.)

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Guy Harris
19d25dd878 CVE-2017-12898/NFS: Fix bounds checking.
Fix the bounds checking for the NFSv3 WRITE procedure to check whether the
length of the opaque data being written is present in the captured data,
not just whether the byte count is present in the captured data.
furthest forward in the packet, not the item before it.  (This also lets
us eliminate the check for the "stable" argument being present in the
captured data; rewrite the code to print that to make it a bit clearer.)

Check that the entire ar_stat field is present in the capture.

Note that parse_wcc_attr() is called after we've already checked whether
the wcc_data is present.

Check before fetching the "access" part of the NFSv3 ACCESS results.
This fixes a buffer over-read discovered by Kamil Frankowicz.

Include a test for the "check before fetching the "access" part..." fix,
using the capture supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Francois-Xavier Le Bail
ca54d72376 Declare some variables as static 2016-09-11 21:45:26 +02:00
Francois-Xavier Le Bail
12857bf113 Improve code readability: A pointer should not be compared to zero
Using Coccinelle script badzero.cocci
2016-08-25 09:48:49 +02:00
Francois-Xavier Le Bail
11d3a01319 Move the printer summaries from INSTALL.txt to each printer
with the tag '\summary:' for grepping.
Remark: Currently some printers have no summary line.

Moreover:
Summarize all printers with a single line in INSTALL.txt
2016-08-14 17:03:43 +02:00