Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
This is a follow-up to commit e606750 (RFC 3162).
Move the bounds check before the code that reads from the input buffer,
make the IPv6 address temporary buffer right-sized, add a test and a
diagnostic message for the prefix length.
NAS IPv6 Address (95)
Framed Interface ID (96)
Framed IPv6 Prefix (97)
Login IPv6 Host (98)
Framed IPv6 Route (99)
Framed IPv6 Pool (100)
Added new functions to print IPv6 address and netmask, added unit test to test those.
Reverse the test in a for loop to test the length before testing whether
we have a null byte.
This fixes a buffer over-read discovered by Bhargava Shastry.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
Clean up other length tests while we're at it.
with the tag '\summary:' for grepping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
Always show the tag as "Tag[XXX]" and always put a space between that
and the rest of the value, with no comma.
If the tag is present but unused, always show it as "Tag[Unused]".
Before, VLAN attributes that had a tag 1 looked like this:
Tunnel Medium Attribute (65), length: 6, Value: Tag[1]802
Tunnel Private Group Attribute (81), length: 4, Value: Tag 14
With the Tunnel-Medium-Type attribute (65), it is clear where the tag ends and the value begins. With this patch, the value for a string type (like Tunnel-Private-Group-Id) looks similar:
Tunnel Private Group Attribute (81), length: 4, Value: Tag[1]4
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
This lets us get rid of bitypes.h as well.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.
Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
For each decoder that has more than one instance of truncation signaling
and prints the same string in each instance, make sure that the string is
declared as "static const char tstr[]" right after the initial includes
block. Where necessary, replace fputs(s, stdout) with equivalent
printf("%s", s).
Make sure all of them are declared const and most of them -- static.
Proper declaration of token arrays is a common review point for new code
that is based on existing decoders. Thus fix the issue at its root.
just add some additional TCHECK/TCHECK2 bounds checks to the code that
dissects attributes and let that handle the snapshot length checks.
Do the length check once per attribute, rather than doing a single check
up front.
Use TCHECK/TCHECK2 and TTEST/TTEST2, so that we print "too short"
indications. Make the "too short" indications all look the same.
Rename "radius_attr_print()" to "radius_attrs_print()" to make it
clearer that it has a loop to print all attributes, rather than just
printing one attribute.
As per Steiner Haug, the length of a vendor-specific attribute includes
the type and length bytes, so subtract two from the length to get the
length of the attribute's data.
The first critical piece of code is found in print-isakmp.c:332. The
function rawprint() does not check its arguments, thus it's easy for
an attacker to pass a big 'len' or a bogus 'loc' leading to a
segmentation fault in the for loop.
The second bug is located in print-radius.c:471. The for loop of
print_attr_string() is written in an unsafe manner. 'length'
and 'data' should be checked.
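
The loop ordering that the over-read fixes above describe (test the length before reading the byte), as an added example that is not code from tcpdump or from these commit messages. The helper name attr_string_copy, its parameters and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 4-byte attribute value with no terminating NUL. */
static const uint8_t sample_value[4] = { 'v', 'l', 'a', 'n' };
static char sample_out[16];

/* Hypothetical helper, not tcpdump's print_attr_string().
 * data/length: attribute value and the length the packet declares for it.
 * caplen: bytes actually captured starting at data.
 * Returns 0 on success, -1 if the capture ends before the declared length. */
int attr_string_copy(const uint8_t *data, size_t length, size_t caplen,
                     char *out, size_t outlen)
{
    size_t i, n = 0;

    if (out == NULL || outlen == 0)
        return -1;
    /* Unsafe order: for (i = 0; data[i] && i < length; i++)
     * reads data[length] when the value holds no NUL byte.
     * Safe order: every bound is tested before data[i] is read. */
    for (i = 0; i < length; i++) {
        if (i >= caplen) {            /* declared length exceeds capture */
            out[n] = '\0';
            return -1;
        }
        if (data[i] == '\0')          /* stop at an embedded NUL */
            break;
        if (n + 1 < outlen)           /* keep room for the terminator */
            out[n++] = (data[i] >= 0x20 && data[i] < 0x7f) ? (char)data[i] : '.';
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    int rc = attr_string_copy(sample_value, 4, 4, sample_out, sizeof sample_out);
    printf("rc=%d value=\"%s\"\n", rc, sample_out);
    /* Declared length 8, only 4 bytes captured: reported as truncated. */
    rc = attr_string_copy(sample_value, 8, 4, sample_out, sizeof sample_out);
    printf("rc=%d value=\"%s\"\n", rc, sample_out);
    return 0;
}
```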