Enable ND_LONGJMP_FROM_TCHECK. Remove a few redundant ND_TCHECK*()
instances. Make asn1_print_octets() and asn1_print_string() void. Harden
an improvised snapshot end guard with ND_TCHECK_LEN().
ND_TCHECK_n(e).
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which do the bounds check.
Remove unused 'trunc' label(s) and most associated code(s).
ND_TCHECK_n(e), n in { 1, 2, 3, 4, 8 }.
They are redundant because they are followed by a GET_.*_n(e) call,
same n, same e, which do the bounds check.
Remove unused 'trunc' labels and most associated codes.
Update the outputs of some tests accordingly.
Some of them are locale-dependent, and all of them run the risk of
failing if you hand them a char with the 8th bit set.
Move our replacements to a new netdissect-ctype.h file, and, for the
ones that check for particular character types, add _ASCII to the name,
to indicate that only ASCII characters pass the check. Do the same for
the ones that map between cases, to indicate that they only map ASCII
letters.
For isspace(), explicitly check for the characters we care about, to
make it clearer what we're doing.
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations. Make the configuration
process fail if we don't have snprintf() and vsnprintf().
We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400. Make the build fail if we don't have at least VS 2015.
We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't meaning plain old "inline". Update a comment.
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
The functions are: nd_print, nd_printztn, nd_printn and nd_printzp.
Trying to make it clearer that they currently have to be used only on part
of the packet buffer.
Update some comments.
That also means we do one less decrement, so it's not as if testing
i-- rather than testing i and separately decrementing it is an
optimization.
Fix some types to unsigned while we're at it - and do the above change
for them, too.
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid. On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
Kamil Frankowicz had found that truncated BE_STR and BE_SEQ ASN.1
elements could lead to an overread, from the source code it looked like
other ids could have this problem too. Move the checks introduced in
commit 72e501f out of the switch blocks to cover all ids by default.
This fixes GH#559 and GH#566.
Have asn1_print() print out OIDs regardless of whether we have any
modules loaded or not.
Have smi_decode_oid decode the OID to an array of unsigned ints
regardless of whether we have any modules loaded or not.
Have smi_print_variable() just use asn1_print() to print the OID of a
variable binding if we don't have any modules loaded; in that case,
we're not going to try to look the OID up with libsmi, so we don't need
a decoded version.
Have smi_print_value() not bother decoding the OID or looking the OID up
if we don't have any modules loaded; also, if we *do* have modules
loaded, check whether smi_decode_oid() succeeds.
Have the OID prefixes be arrays of uint8_t, and put the size of the
array into the list, rather than having them be "strings" and et the
length with strlen().
Have a macro to encapsulate X.690 section 8.19.4's rules for the first
octet of an OID value, and use it; that makes the components of the OID
clearer.
Also, if the prefix is longer than the remaining data in the OID - or
the remaining captured data - just skip it, don't treat that as an
error.
Catch INTEGER values with a length of 0, so we don't fetch a byte that
doesn't belong to the value.
Fix what appears to be a long-standing bug in the OID prefix matching
code, wherein the length of the *first* prefix in the table is used as
the length of *all* prefixes, and add some packet-length checking to
that list.
Report packets with an invalid SNMP version number as being SNMP, so
we at least indicate *that*.
Pull the code in asn1_print() to print octet sequences and (presumed)
printable strings into routines of their own, and use them when we're
printing them outside asn1_print().
That fixes some cases where we can run past the end of the packet
buffer.
with the tag '\summary:' for greping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
Have the call to smiLoadModule() be in a nd_load_smi_module() routine.
Have it set a *global* flag indicating whether a module has been loaded;
that's not per-netdissect_options. Use that global flag in print-snmp.c
- and don't test it once per loop iteration, it's not going to change
while the loop is running.
Have a routine to return the version of the library if we're built with
it or NULL if we're not.
That removes the last of the code that tests USE_LIBSMI or uses libsmi
from tcpdump.c.
Even if frontend/backend separation is ongoing, keep coherence between
option name and flag name at the moment.
Option name is 'm', thus s/ndo_sflag/ndo_mflag/.
Rename the variable to "error_status", as that's what it represents, and
as that doesn't collide with the error() function. Don't set it and
then not use the resulting value.
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
