Commit Graph

78 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
b45a9a167c CVE-2017-13005/NFS: Add two bounds checks before fetching data
This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Guy Harris
7a923447fd CVE-2017-13001/NFS: Don't copy more data than is in the file handle.
Also, put the buffer on the stack; no reason to make it static.  (65
bytes isn't a lot.)

This fixes a buffer over-read discovered by Kamil Frankowicz.

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Guy Harris
19d25dd878 CVE-2017-12898/NFS: Fix bounds checking.
Fix the bounds checking for the NFSv3 WRITE procedure to check whether the
length of the opaque data being written is present in the captured data,
not just whether the byte count is present in the captured data.
furthest forward in the packet, not the item before it.  (This also lets
us eliminate the check for the "stable" argument being present in the
captured data; rewrite the code to print that to make it a bit clearer.)

Check that the entire ar_stat field is present in the capture.

Note that parse_wcc_attr() is called after we've already checked whether
the wcc_data is present.

Check before fetching the "access" part of the NFSv3 ACCESS results.
This fixes a buffer over-read discovered by Kamil Frankowicz.

Include a test for the "check before fetching the "access" part..." fix,
using the capture supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
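Added illustration of the check described in the CVE-2017-12898 entry above (not tcpdump's own code): for an XDR opaque such as the NFSv3 WRITE data, the pre-fix pattern verifies only that the 4-byte count is captured, while the hardened check also verifies that the whole padded payload lies inside the captured bytes. Function and variable names here are my own, and both captures are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* An XDR opaque is a 4-byte big-endian count followed by that many bytes,
 * padded to a multiple of 4.  A dissector may only read bytes before
 * 'snapend' (the end of the captured data), which can be short of the
 * on-wire length.  Constructed example, not tcpdump's code. */

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak check, the pre-fix pattern: only the count itself is verified to be
 * captured, so a count larger than what follows lets a caller read past
 * snapend.  Returns 1 when a caller would proceed to read the data. */
static int opaque_check_count_only(const uint8_t *p, const uint8_t *snapend) {
    return p <= snapend && (size_t)(snapend - p) >= 4;
}

/* Hardened check: the count and the padded data it describes must both lie
 * inside the capture.  On success stores the unpadded data length and the
 * position of the next XDR item; returns 0 when the packet is truncated. */
static int opaque_check_full(const uint8_t *p, const uint8_t *snapend,
                             uint32_t *datalen, const uint8_t **next) {
    if (p > snapend || (size_t)(snapend - p) < 4)
        return 0;                      /* count itself is not captured */
    uint32_t len = get_be32(p);
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    if (padded < len)
        return 0;                      /* 32-bit size_t wrap-around guard */
    if ((size_t)(snapend - p) - 4 < padded)
        return 0;                      /* data runs past the captured bytes */
    *datalen = len;
    *next = p + 4 + padded;
    return 1;
}

/* Constructed captures: the first claims 100 bytes but only 8 follow; the
 * second claims 5 bytes and all 5 (plus 3 bytes of padding) are present. */
static const uint8_t short_capture[] = {0,0,0,100, 'a','b','c','d','e','f','g','h'};
static const uint8_t good_capture[]  = {0,0,0,5,   'h','e','l','l','o',0,0,0};

int main(void) {
    uint32_t n = 0; const uint8_t *next = NULL; int ok;
    printf("count-only check, short capture: %d (caller would over-read)\n",
           opaque_check_count_only(short_capture, short_capture + sizeof short_capture));
    ok = opaque_check_full(short_capture, short_capture + sizeof short_capture, &n, &next);
    printf("full check, short capture: %d\n", ok);
    ok = opaque_check_full(good_capture, good_capture + sizeof good_capture, &n, &next);
    printf("full check, good capture: %d, data length %u\n", ok, n);
    return 0;
}
```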
Francois-Xavier Le Bail
ca54d72376 Declare some variables as static 2016-09-11 21:45:26 +02:00
Francois-Xavier Le Bail
12857bf113 Improve code readability: A pointer should not be compared to zero
Using Coccinelle script badzero.cocci
2016-08-25 09:48:49 +02:00
Francois-Xavier Le Bail
11d3a01319 Move the printer summaries from INSTALL.txt to each printer
with the tag '\summary:' for grepping.
Remark: Currently some printers have no summary line.

Moreover:
Summarize all printers with a single line in INSTALL.txt
2016-08-14 17:03:43 +02:00
Guy Harris
11f73ad248 Don't require IPv6 library support in order to support IPv6 addresses.
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do.  It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).

Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
2015-09-17 14:56:44 -07:00
Francois-Xavier Le Bail
99c91c3aec Rename 'tcpdump-stdinc.h' to 'netdissect-stdinc.h'
Get the full log via: git log --follow netdissect-stdinc.h
2015-09-10 08:50:40 +02:00
Francois-Xavier Le Bail
c1c3c77463 Printers must include 'netdissect.h', not 'interface.h' 2015-09-05 23:35:58 +02:00
Guy Harris
5fc3681a13 Don't assume the ONC RPC header is nicely aligned.
Use UNALIGNED_MEMCPY() to extract the XID from it; otherwise, this might
crash on machines that require strict alignment (e.g., SPARC machines).

Fixes GitHub issue #478.
2015-08-24 18:14:55 -07:00
Guy Harris
69cb46af91 Fix a bunch of de-constifications. 2015-04-26 17:24:42 -07:00
Denis Ovsienko
38700c7f24 dismiss NETDISSECT_REWORKED macro
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
2015-03-22 10:06:15 +00:00
Guy Harris
f2b690e8b5 Don't assume the NFS request is aligned on a 4-byte boundary.
The XID is a multi-byte field, and, if it's not aligned, it must be
copied with UNALIGNED_MEMCPY().

This should fix GitHub issue #395.
2014-06-25 12:55:25 -07:00
Guy Harris
ed85e20e4d u_intN_t is dead, long live uintN_t.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.

This lets us get rid of bitypes.h as well.
2014-04-23 00:20:40 -07:00
Denis Ovsienko
330c159e07 NFS: prepend %x format with 0x (mitigates GH #35) 2014-04-15 12:43:47 +04:00
Denis Ovsienko
24598ce6b7 NDOize the rest of util.c 2014-04-14 10:53:46 +04:00
Denis Ovsienko
1a105f1e18 NFS: use tok2str() 2014-04-13 19:47:55 +04:00
Denis Ovsienko
d6a7593fd9 remove unused function nfsreq_print() 2014-04-11 18:31:40 +04:00
Guy Harris
1cde6435df Netdissectify the to-name resolution routines.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.

Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
2014-04-04 00:43:46 -07:00
Denis Ovsienko
5d6a1edd06 NDOize NFS decoder 2014-04-01 16:05:33 +04:00
Denis Ovsienko
88e479b75e don't include pcap.h needlessly
Both interface.h and netdissect.h include <pcap.h>, thus most files
should not include it regardless if these need it or not. The only
exceptions so far remain:
* addrtoname.c
* missing/datalinks.c
* missing/dlnames.c
* tcpdump.c
2014-02-28 18:11:09 +04:00
Denis Ovsienko
8c786791a3 NFS: unify TCP and UDP decoding, fix a bug
Change the UDP NFS printing format to match the current format of TCP
NFS printing (this complements commits f3051bc and 29d83db).

Update the man page to use the new format (this complements commit
2c86c75).

Restore printing of NFS packet length, which was broken in commit
68fe98a.
2014-02-26 14:15:51 +04:00
Guy Harris
c5cafaa8ee As with memcpy, so with memcmp. 2014-01-18 12:42:15 -08:00
Guy Harris
62353c08b0 Another case where UNALIGNED_MEMCPY() is probably necessary.
It was necessary in other cases where we copied IP addresses from the IP
header, so it's probably necessary here as well.
2014-01-18 12:09:45 -08:00
Denis Ovsienko
fe3253b9b8 remove tcpdump's own CVS keywords
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
2014-01-03 00:59:08 +04:00
Denis Ovsienko
d8acd8f5d0 make consistent use of the "tstr" idiom
For each decoder that has more than one instance of truncation signaling
and prints the same string in each instance make sure that the string is
declared as "static const char tstr[]" right after the initial includes
block. Where necessary, replace fputs(s, stdout) with equivalent
printf("%s", s).
2013-12-26 18:19:50 +04:00
Longinus00
68fe98a0fb print-nfs: add versions of nfsreq_print and nfsreply_print that do not print dst/src addresses 2013-11-07 11:05:20 +04:00
Denis Ovsienko
16cfec8b37 NFS: replace ino_t with u_int32_t (GH #335 pt. 1)
NFS file handle is an opaque server-issued sequence of bytes. Parse_fh()
function implements heuristics to decode file handles generated by some
NFS servers, among other information extracting the node (inode) number.
It decodes only 32-bit node numbers.

NFS implementations use ino_t C type to represent the node number. The
type size may vary across implementations/encodings and may be missing
during compile time.

Tcpdump used to have its own typedef for ino_t. Gisle Vanem points out that
it caused a problem with MSVC v.16.00.40219.01 for 80x86, which defines
the same type in <sys/types.h>. This change fixes tcpdump code to use
u_int32_t and removes the typedef.
2013-10-12 13:43:45 +04:00
Denis Ovsienko
7de355927b justify declarations of struct tok arrays
Make sure all of them are declared const and most of them -- static.
Proper declaration of token arrays is a common review point for new code
that is based on existing decoders. Thus fix the issue at its root.
2013-09-24 20:54:03 +04:00
Gisle Vanem
4e38a8cd07 NFS: fix a Windows compile warning
'int32_t' isn't 'int' for all targets. Some Windows targets have
it defined as 'signed int' in <win32/Include/bittypes.h>. So print-nfs.c
does not compile cleanly; conflicting definition of xid_map_find().
2013-07-11 17:03:03 +04:00
Lucas C. Villa Real
c0a91acf9b Enhance NFS access request messages.
When debugging NFS operations one may find it easier to get the actual access
flags decoded rather than having to look up the NFS access flags to find which
permissions were requested by the client.

Reviewed-by: Guy Harris <guy@alum.mit.edu>
2010-01-26 12:09:24 -08:00
guy
ed1906f1fe Add more bounds checks to the NFS dissector - check before references to
items in the RPC header.

When dissecting NFS over TCP, fetch the fragment header length, use it
to limit the dissection of the request or reply (in case there's more
than one request or reply in the packet), and do the same
direction-plus-port checks that are done for NFS over UDP.  Also
eliminate the bounds check for the RPC header in the TCP dissector code,
and do checks for the fields it looks at (other checks are done by the
NFS dissector).
2007-12-22 03:08:04 +00:00
guy
524cae0d39 Print unsigned values as such. Rename a variable to correspond to what
it is (a reply status).
2007-06-15 23:17:05 +00:00
guy
5980eb4372 Pick up MSG_DENIED response dissection from NetBSD; don't interpret the
reply as a possible NFS reply if it got MSG_DENIED.
2007-06-15 19:04:39 +00:00
guy
6191f36146 Add an "fn_printzp()" routine for printing null-padded strings (strings
with a maximum length, where a string shorter than that length is padded
with NULs), as "fn_print()" won't handle the maximum length *and* the
snapshot length and "fn_printn()" won't stop on a null string.  Use it
where appropriate.

Always pass "snapend" to "fn_print()" and "fn_printn()" if they're
passed a pointer into the packet data; only pass NULL if they're being
handed a pointer into a buffer that's not part of the packet data.

Always check the return value of "fn_print()", "fn_printn()", and
"fn_printzp()" if they're passed "snapend", and do the appropriate
string termination and "packet truncated" indication if they return 1.
2005-05-06 07:56:51 +00:00
guy
73bc912795 Attempt to squelch a warning from the SGI C compiler. 2005-04-20 21:52:53 +00:00
guy
eaa1dce2ef For NFSv3 writes, show the byte count correctly - and show the length of
the data being written, just as we do for NFSv2 writes.
2005-01-05 08:16:45 +00:00
guy
85845ae858 Get rid of print_int64(), as we can now just use PRI[dux]64 and
EXTRACT_64BITS() to directly extract and print 64-bit integers.

Add some more bounds checking.

Fix the dissection of the arguments to v3 WRITE.
2005-01-05 03:55:05 +00:00
guy
af0a039080 Have our own headers to declare the format of ONC (Sun) RPC messages on
the wire; the definitions in many systems use u_long, which is 64 bits
long on many platforms - that's OK for in-memory structures, but it
doesn't match what's on the wire.  Use headers based on the Sun ones,
but use u_int32_t for fields, and otherwise make the structures match
what's on the wire, and change some names to avoid collision with
<rpc/rpc.h>, which print-sunrpc.c includes to declare "getrpcbynumber()"
and the structure it returns.

Record whether "getrpcbynumber()" is found, and use it only if it's
found, rather than basing the decision on whether we're building for
Win32 or not.
2004-12-27 00:41:29 +00:00
guy
abad30540b Add an "EXTRACT_64BITS()" macro - using the "EXTRACT_32BITS()" macro, so
we get the fast implementations if we are on a processor that doesn't
require alignment.
2004-09-24 18:21:25 +00:00
guy
79811a3528 Assume that u_int64_t is defined, along with PRI[dux]64, as per the
recent configure script changes.

On UN*X, include <inttypes.h> in "tcpdump-stdinc.h" if it defines the
PRI[duxo]64 macros.
2004-04-17 08:56:14 +00:00
guy
bbc1cfa669 Have the configure script arrange that the Makefile define _U_
appropriately, and that GNUmakefile and the MSVC++ project file define
it appropriately, as we do with libpcap, rather than defining it in
"interface.h".

Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
2003-11-16 09:36:07 +00:00
guy
3824a6c041 From Neil Spring:
	use "_U_" in the definitions of "rcsid[]", to eliminate
	complaints about those variables being unused;

	move the definitions after the include of "interface.h", or add
	an include of "interface.h", so that "_U_" is defined.

Include "config.h" before including "tcpdump-stdinc.h" in
"missing/datalinks.c".
2003-11-15 00:39:12 +00:00
guy
6d436e0ebc From Charles M. Hannum <mycroft@netbsd.org>: NetBSD whitespace cleanups. 2002-12-12 07:57:50 +00:00
guy
fcc82f451d The "__attribute__((packed))" tag on structures causes some files not to
compile with Sun C, as "interface.h" isn't being included before the
structures are being declared.

Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun
C to generate code that's safe with unaligned accesses, as
"__attribute__" is defined as a do-nothing macro with compilers that
don't support it.

Therefore, we get rid of that tag on the structures to which it was
added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch
16-bit and 32-bit big-endian quantities from packets.  We also fix some
other references to multi-byte quantities to get rid of code that tries
to do unaligned loads on platforms that don't support them.

We also throw in a hack that makes those macros use
"__attribute__((packed))" on structures containing only one 16-bit or
32-bit integer to get the compiler to generate unaligned-safe code
rather than doing it by hand.  (GCC on SPARC produces the same code that
doing it by hand does; I don't know if GCC on any other big-endian
strict-alignment processor generates better code for that case.  On
little-endian processors, as "ntohs()" and "ntohl()" might be functions,
that might actually produce worse code.)

Fix some places to use "%u" rather than "%d" to print unsigned
quantities.
2002-12-11 07:13:49 +00:00
guy
edb0e92cdc Add a few more GCC warnings on GCC >= 2 for ".devel" builds.
From Neil T. Spring: fixes for many of those warnings:

	addrtoname.c, configure.in: Linux needs netinet/ether.h for
	ether_ntohost

	print-*.c: change char *foo = "bar" to const char *foo = "bar"
	to appease -Wwrite-strings; should affect no run-time behavior.

	print-*.c: make some variables unsigned.

	print-bgp.c: plen ('prefix len') is unsigned, no reason to
	validate by comparing to zero.

	print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
	instead of inet_ntoa.

	print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
	be false, so check for (u_int)-1, which represents failure,
	explicitly.

	print-isakmp.c: complete initialization of attrmap objects.

	print-lwres.c: "if(x); print foo;" seemed much more likely to be
	intended to be "if(x) { print foo; }".

	print-smb.c: complete initialization of some structures.

In addition, add some fixes for the signed vs. unsigned comparison
warnings:

	extract.h: cast the result of the byte-extraction-and-combining,
	as, at least for the 16-bit version, C's integral promotions
	will turn "u_int16_t" into "int" if there are other "int"s
	nearby.

	print-*.c: make some more variables unsigned, or add casts to an
	unsigned type of signed values known not to be negative, or add
	casts to "int" of unsigned values known to fit in an "int", and
	make other changes needed to handle the aforementioned variables
	now being unsigned.

	print-isakmp.c: clean up the handling of error/status indicators
	in notify messages.

	print-ppp.c: get rid of a check that an unsigned quantity is >=
	0.

	print-radius.c: clean up some of the bounds checking.

	print-smb.c: extract the word count into a "u_int" to avoid the
	aforementioned problems with C's integral promotions.

	print-snmp.c: change a check that an unsigned variable is >= 0
	to a check that it's != 0.

Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
2002-09-05 00:00:07 +00:00
guy
3a93c1943b Fixes for:
	parsefattr misuses nfsv2 version members for v3.
	print_int64 prints at least 9 digits unnecessarily.
	-u flag doesn't always suppress decoding handles.

from Takashi Yamamoto <yamt@mwd.biglobe.ne.jp>.
2002-08-26 09:36:19 +00:00
risso
3d932490b8 Added support for Win32, based on WinPcap. 2002-08-01 08:52:55 +00:00
itojun
111ff8a61d whitespace cleanup 2002-06-11 17:08:37 +00:00
guy
4c6bada758 Get rid of unneeded incomplete definitions of "struct mbuf" and "struct
rtentry", and unneeded includes of <sys/uio.h>, <sys/file.h>, and
<sys/ioctl.h>.
2002-06-01 23:50:30 +00:00