Prevent a possible buffer overread in chdlc_print() and replace the
custom check in chdlc_if_print() with a standard check in chdlc_print()
so that the latter certainly does not over-read even when reached via
juniper_chdlc_print(). Add length checks.
If it returns -1, it's an error; report the error.
If it returns 0, but the list is empty, that's not an error in
pcap_findalldevs(); report it explicitly as "no interfaces available for
capture".
[print-atalk.c:283]: (style) The scope of the variable 'c' can be
reduced.
[print-atalk.c:380]: (style) The scope of the variable 'c' can be
reduced.
[print-atalk.c:360]: (style) Variable 'c' is assigned a value that is
never used.
[print-forces.c:316] -> [print-forces.c:323]: (warning) Shifting 32-bit
value by 32767 bits is undefined behaviour. See condition at line 323.
[print-forces.c:316]: (error) Shifting by a negative value is undefined
behaviour
[print-syslog.c:98]: (style) Array index 'msg_off' is used before limits
check.
Even though this is a false positive in this specific case, let's not
have it around; this will make it less likely to miss a real one.
This change adds checks that were missing from the recent NTP code and
could cause a buffer over-read vulnerability (see earlier commits for
rationale).
Rename NTP_MSG_MINLEN to NTP_TIMEMSG_MINLEN for clarity and introduce and
use NTP_CTRLMSG_MINLEN. With this change ntp_control_print() can detect
invalid packets better.
In print-ntp.c:
Rename struct ntpdata into struct ntp_time_data and add new
struct ntp_control_data to map NTP Control messages.
Add figure of NTP Control Message Header as comment.
Add union ntpdata to provide a common view on NTP messages.
Rename ntp_print() to ntp_time_print(), using new structures.
Improve comment and re-arrange fields in ntp_print().
Add ntp_control_print() to handle NTP Control Messages.
Output R, E, M, OpCode, Sequence, Status, Assoc, Offset, and Count in
ntp_control_print().
A new ntp_print() will decode only the very basics (VN, LI and Mode)
to call ntp_time_print() or ntp_control_print(), depending on Mode.
poll() is a system API on UN*Xes, so calling a variable "poll" causes
"declaration of 'poll' shadows a global declaration" warnings in some
compilers. Call the argument "poll_interval" instead.
Report if it's not, and don't use it as an out-of-bounds index into an
array.
This fixes a buffer overflow discovered by Wilfried Kirsch.
Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.
safeputs() doesn't do packet bounds checking of its own; it assumes that
the caller has checked the availability in the packet data of all maxlen
bytes of data. This means we should check that we're within the
specified limit before looking at the byte.
This fixes a buffer over-read discovered by Kamil Frankowicz.
Add a test using the capture file supplied by the reporter(s).
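As an added example of the check ordering the commit message above describes (example code written for this page, not tcpdump's safeputs(); the struct pkt wrapper, the pkt_byte() accessor and the sample bytes are constructed for the demonstration), the byte-first loop touches one byte past the field whenever every byte within maxlen is non-NUL, while the limit-first loop never does:

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not tcpdump's safeputs(). The capture is wrapped in an
 * accessor that counts reads beyond caplen instead of performing them, so
 * the wrong check ordering can be shown without undefined behaviour. */
struct pkt {
    const uint8_t *data;
    size_t caplen;     /* bytes actually present in the capture */
    size_t overreads;  /* reads attempted at or past caplen */
};

static uint8_t pkt_byte(struct pkt *p, size_t off)
{
    if (off >= p->caplen) {
        p->overreads++;
        return 0;
    }
    return p->data[off];
}

/* Both variants copy up to maxlen bytes of a possibly NUL-terminated
 * string starting at off, replacing non-printables with '.', and rely on
 * the caller having verified that maxlen bytes from off are captured. */

/* Wrong order: looks at the byte first, then checks the limit. When all
 * maxlen bytes are non-NUL this reads byte off+maxlen, which the caller
 * never promised is there. */
static size_t safeputs_byte_first(struct pkt *p, size_t off, size_t maxlen,
                                  char *out)
{
    size_t n = 0;
    uint8_t c;
    while ((c = pkt_byte(p, off + n)) != 0 && n < maxlen) {
        out[n++] = isprint(c) ? (char)c : '.';
    }
    out[n] = '\0';
    return n;
}

/* Right order: check that n < maxlen before dereferencing. */
static size_t safeputs_limit_first(struct pkt *p, size_t off, size_t maxlen,
                                   char *out)
{
    size_t n = 0;
    uint8_t c;
    while (n < maxlen && (c = pkt_byte(p, off + n)) != 0) {
        out[n++] = isprint(c) ? (char)c : '.';
    }
    out[n] = '\0';
    return n;
}

/* Constructed capture (not real traffic): an 8-byte header followed by a
 * 4-byte field that is entirely non-NUL and ends exactly at caplen. */
static const uint8_t sample[] = { 0, 1, 2, 3, 4, 5, 6, 7, 'n', 't', 'p', 'd' };

/* Run one variant over the 4-byte field and report how many reads went
 * past the end of the capture. */
static size_t demo_overreads(int limit_first)
{
    struct pkt p = { sample, sizeof sample, 0 };
    char out[8];
    if (limit_first)
        safeputs_limit_first(&p, 8, 4, out);
    else
        safeputs_byte_first(&p, 8, 4, out);
    return p.overreads;
}

/* Caller's side of the contract, then the correct printer; NULL if the
 * field would extend past the capture. */
static const char *demo_field_text(size_t maxlen)
{
    static char out[16];
    struct pkt p = { sample, sizeof sample, 0 };
    if (maxlen > p.caplen - 8)
        return NULL;
    safeputs_limit_first(&p, 8, maxlen, out);
    return out;
}
```

With the sample above, demo_overreads(0) reports one read past caplen and demo_overreads(1) reports none; the over-read is exactly one byte because the field is non-NUL right up to the end of the capture, which is the case the reporter's capture file exercises.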
Attempt to allocate the buffer before doing any decryption calls and, if
the attempt fails, report an error and return an error indication.
Make sizes unsigned, as they can't be negative;
EVP_CIPHER_CTX_block_size() returns an int, but that's just because they
picked the wrong data type in OpenSSL.
No need to use calloc() for the output buffer - just use malloc().
In ntp_print() add a missing length check to reject packets that are
declared too short, make the existing length checks easier to follow and
add a catch-all block after the known message layouts.
This fixes a bug where an invalid packet could be erroneously printed
like it is valid so long as the provided buffer was large enough. That
said, the bounds checks were done correctly so there was no over-read.
We don't want to try to suppress warnings about discarding the const
qualifier, as that's something we need to fix. Adding the extra
variable doesn't suppress it on some platforms, so it's not useful
there, and if it does suppress it, we don't want that.
And we weren't doing it in the other case, anyway.
Comment in both cases with an XXX comment about the cast.
print-ntp.c: Change p_ntp_time() to print NTP timestamps in UTC instead
of local time. This allows for consistent output for automatic testing
across different time zones. Also use an ISO 8601 (RFC3339) format for the
time stamps.
In NTPv4 (RFC 5905) the refid field for stratum > 1 is an IPv4 address
or first 32 bits of MD5 sum of an IPv6 address. It's not possible to
tell which of the two it actually is. Print the field as a hexadecimal
number in order to not confuse refids generated from IPv6 addresses with
IPv4 addresses.
The poll value in an NTP packet is a signed integer. For negative values
print the interval as a fraction of second. Also, ignore values outside
of interval (-32, 32).
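An added example (not tcpdump's print-ntp.c) that pulls together the points in the NTP commit messages above: dispatch on Mode, a per-layout minimum length with a catch-all for unknown modes, the poll field treated as a signed value with the (-32, 32) range enforced before any shift, and the refid kept as a 32-bit value to be printed in hex. The struct and function names, the minimum-length values (48 bytes for a time message from RFC 5905, 12 bytes for the control header from RFC 1305) and the sample packets are assumptions made for this example:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not tcpdump's print-ntp.c. Minimum lengths are assumed
 * from RFC 5905 (48-byte time message) and RFC 1305 appendix B (12-byte
 * control header); all names and sample packets here are constructed. */
#define NTP_TIMEMSG_MINLEN 48u
#define NTP_CTRLMSG_MINLEN 12u
#define NTP_MODE_CONTROL   6u

enum ntp_result {
    NTP_TIME,         /* complete time message, modes 1-5 */
    NTP_CONTROL,      /* complete control message, mode 6 */
    NTP_TRUNCATED,    /* the layout selected by Mode needs more bytes */
    NTP_UNKNOWN_MODE  /* catch-all: modes 0 and 7 */
};

struct ntp_summary {
    uint8_t  leap, version, mode, stratum;
    int8_t   poll_interval;  /* signed per RFC 5905 */
    uint32_t refid;          /* print as hex: IPv4 or IPv6-hash bits */
    uint16_t ctrl_count;     /* length of the control data field */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* 2^poll seconds, or 1/2^-poll for negative poll. Shifting by 32 or more
 * or by a negative count is undefined, so anything outside (-32, 32) is
 * reported as invalid instead of being shifted. */
static const char *ntp_poll_interval_str(int8_t poll_interval)
{
    static char buf[16];
    if (poll_interval <= -32 || poll_interval >= 32)
        return "invalid";
    if (poll_interval >= 0)
        snprintf(buf, sizeof buf, "%us", 1u << poll_interval);
    else
        snprintf(buf, sizeof buf, "1/%us", 1u << -poll_interval);
    return buf;
}

static enum ntp_result
ntp_classify(const uint8_t *bp, size_t len, struct ntp_summary *out)
{
    struct ntp_summary tmp, *s = out ? out : &tmp;
    memset(s, 0, sizeof *s);
    if (len < 1)
        return NTP_TRUNCATED;
    s->leap    = bp[0] >> 6;
    s->version = (bp[0] >> 3) & 0x7;
    s->mode    = bp[0] & 0x7;
    if (s->mode == NTP_MODE_CONTROL) {
        if (len < NTP_CTRLMSG_MINLEN)
            return NTP_TRUNCATED;
        s->ctrl_count = (uint16_t)((bp[10] << 8) | bp[11]);
        /* Count promises that many data bytes after the header. */
        if (len < NTP_CTRLMSG_MINLEN + s->ctrl_count)
            return NTP_TRUNCATED;
        return NTP_CONTROL;
    }
    if (s->mode >= 1 && s->mode <= 5) {
        if (len < NTP_TIMEMSG_MINLEN)
            return NTP_TRUNCATED;
        s->stratum       = bp[1];
        s->poll_interval = (int8_t)bp[2];
        s->refid         = be32(bp + 12);
        return NTP_TIME;
    }
    return NTP_UNKNOWN_MODE;   /* nothing known about this layout */
}

/* Constructed packet: given first byte, stratum 2, poll 6, refid
 * 127.0.0.1, control Count 0, zero elsewhere; truncated to len. */
static enum ntp_result
ntp_classify_sample(uint8_t first_byte, size_t len, struct ntp_summary *out)
{
    uint8_t pkt[64];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = first_byte; pkt[1] = 2; pkt[2] = 6;
    pkt[12] = 0x7f; pkt[15] = 0x01;
    return ntp_classify(pkt, len > sizeof pkt ? sizeof pkt : len, out);
}

int main(void)
{
    struct ntp_summary s;
    if (ntp_classify_sample(0x23, 48, &s) == NTP_TIME)   /* NTPv4 client */
        printf("v%u mode %u stratum %u poll %s refid 0x%08x\n", s.version,
               s.mode, s.stratum, ntp_poll_interval_str(s.poll_interval),
               s.refid);
    printf("47-byte client: %d\n", ntp_classify_sample(0x23, 47, NULL));
    printf("mode 7, 48 bytes: %d\n", ntp_classify_sample(0x27, 48, NULL));
    return 0;
}
```

The first byte packs LI, VN and Mode (0x23 is an NTPv4 client, 0x16 an NTPv2 control message, 0x27 mode 7), so a 48-byte mode-7 packet is rejected by the catch-all even though it is long enough for a time message, and a 47-byte client packet or an 11-byte control message is reported as truncated rather than decoded.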
The EVP_Cipher function should not be called with the same buffer as
input and output. It works fine on most architectures, but fails on
PowerPC. There is also a second problem, that we write the output to a
const buffer, but this issue is not addressed with this PR.
On Linux getprotobynumber() returns different results for the same
argument depending on the contents of /etc/protocols at runtime
(expectedly, but it gets in the way of reproducible test cases). On FreeBSD
it returns results regardless of the contents of /etc/protocols at
runtime (unexpectedly). Other implementations exist and may expose
interesting properties too. And if the host uses LDAP instead of
/etc/protocols for name services, a call to that function may cause LDAP
to handle the request. All of the above is not right for the specific task
of network protocols decoding, which needs to be fast and deterministic.
As the protocol number space is just 8-bit, add a 256-element array of
strings/NULLs for the translation and a wrapper function around it for
index range enforcement. Change the code to use the new function instead
of getprotobynumber().
Fix a typo while at it.