Add bounds checks, do a common check to make sure we captured the entire
subTLV, add checks to make sure the subTLV fits within the TLV.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add tests using the capture files supplied by the reporter(s), modified
so the capture files won't be rejected as an invalid capture.
Update existing tests for changes to IS-IS dissector.
Always print the SNPA, and flag it as such; only print it as a MAC
address if it's 6 bytes long.
Identify the NET as such.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
Add tests using the capture files supplied by the reporter(s), modified
so the capture files won't be rejected as an invalid capture.
Probably a copy-and-pasteo.
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add a test using the capture file supplied by the reporter(s).
This fixes a buffer over-read discovered by Forcepoint's security
researchers Otto Airamo & Antti Levomäki.
Add tests using the capture files supplied by the reporter(s).
This fixes a buffer over-read discovered by Kamil Frankowicz.
Don't pass the remaining caplen - that's too hard to get right, and we
were getting it wrong in at least one case; just use ND_TTEST().
Add a test using the capture file supplied by the reporter(s).
Check the packet length as well as the captured length.
Don't have separate "non-verbose" and "verbose" cases, so we don't
duplicate the length checks.
Print the right value for some length check errors.
Clean up the TLV parsing code - keep parsing until we completely run out
of data, but make sure, before we look at the TLV header, that we
haven't run past the end of the packet as well as that we haven't run
past the end of the captured data.
In the OSI checksum routine:
Have it take an unsigned length, so we don't have to worry about it
being negative.
Use ND_TTEST2 to check whether the checksum offset is within the
bounds of the packet.
If we don't have all the packet data to checksum, just report
"unverified", don't return a "truncated" error.
Those are needed in addition to the checks against li.
This should fix GitHub issue #562. I suspect issue #563 is a separate
problem.
Tweak length check messages to be more like the IS-IS ones, and fix both
to print unsigned values with %u, while we're at it.
Check that the destination and source addresses are present before
printing them.
Check the length value from the length indiator as we dissect the CLNS
header. Make sure that header doesn't go past the on-the-network length
of the packet.
Check to make sure an option's content doesn't go past the length of the
option.
Also, don't print the body of an unknown option type twice with -vv and
more.
with the tag '\summary:' for greping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
Just pass it a pointer to a routine to do the clearing and a pointer to
the data that needs to be cleared; signature_verify() will relocate all
pointers to stuff that needs to be cleared to point into the copy, clear
the signature itself, and call the routine to clear anything else.
Moreover:
Add/fix a lot of bounds and length checks.
Add and use tstr[] string.
Fix some typos.
Update the output of a test according to these changes.
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do. It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).
Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
The warnings were:
./print-isoclns.c: In function 'osi_print_cksum':
./print-isoclns.c:3107:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
|| length > ndo->ndo_snaplen
^
./print-isoclns.c:3108:32: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
|| checksum_offset > ndo->ndo_snaplen
^
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
Always define and declare ip6_print(), always compile print-ip6.c, and
always call it if we recognize a payload as IPv6. If INET6 isn't
defined, ip6_print() will just print the length and note that printing
isn't supported.
That way, we don't do weird dissection of IPv6 packets on systems
without IPv6 support, due to, for example, ethertype_print() returning 0
("not dissected") for IPv6 packets on those systems (IPv6-over-Frame
Relay was dissected weirdly due to this).
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
This lets us get rid of bitypes.h as well.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.
Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
