2f2e35168f
This bug was discovered and pinned down by Wim Torfs. The code in question handles the DLT_IEEE802_11_RADIO datalink type, which consists of a variable-sized header, a variable number of fields and the actual 802.11 frame. The integers contained in the fields are aligned; properly extracting them is exactly the purpose of the existing "cpack" module. The issue with the current code is that it sets the alignment base for cpack at the end of the variable-sized header; in other words, 64-bit integers would be properly extracted only so long as the header is 64-bit long, which only happens when the total number of bitmaps in it is odd (the minimum number of bitmaps is one). Once this condition isn't met, as is the case with two bitmaps, decoding becomes incorrect. The reporter's point that the alignment base must be the beginning of the variable-sized header is accurate. This commit adds a new cpack_advance() function to fast-forward the "c_next" pointer of a cpack_state context by an arbitrary number of octets. The ieee802_11_radio_print() function now uses it to skip the header and all its bitmaps, and the alignment base is now the header start.
/*-
 * Copyright (c) 2003, 2004 David Young. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of David Young may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
 * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 */
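#ifndef _CPACK_H
#define _CPACK_H

/*
 * Cursor over a buffer of packed, naturally aligned integers, as found in
 * the DLT_IEEE802_11_RADIO (radiotap) header.  Field alignment is computed
 * relative to c_buf, so the state must be initialised at the start of the
 * region whose fields are aligned, never part-way into it.
 */
struct cpack_state {
	u_int8_t *c_buf;	/* start of the buffer; also the alignment base */
	u_int8_t *c_next;	/* read cursor, advanced as fields are consumed */
	size_t c_len;		/* octets available from c_buf (as given to cpack_init) */
};

/*
 * Bind cs to the len octets at buf and rewind the cursor to buf, which
 * becomes the alignment base for every subsequent read.  Status is an int
 * like the other cpack_* routines; the exact convention is defined in
 * cpack.c.
 */
int cpack_init(struct cpack_state *cs, u_int8_t *buf, size_t len);

/*
 * Read the next 8/16/32/64-bit unsigned integer at its natural alignment
 * (relative to c_buf) into *val and move c_next past it.
 *
 * NOTE(review): these are expected to return non-zero, leaving *val
 * untouched, when the aligned field would extend beyond c_buf + c_len --
 * confirm against cpack.c.  Callers decoding packet data must check the
 * status before using *val.
 */
int cpack_uint8(struct cpack_state *cs, u_int8_t *val);
int cpack_uint16(struct cpack_state *cs, u_int16_t *val);
int cpack_uint32(struct cpack_state *cs, u_int32_t *val);
int cpack_uint64(struct cpack_state *cs, u_int64_t *val);

/*
 * Return the first address at or after p that is a multiple of 'alignment'
 * octets away from buf (alignment is relative to buf, not absolute).
 */
u_int8_t *cpack_next_boundary(u_int8_t *buf, u_int8_t *p, size_t alignment);

/*
 * Align c_next to wordsize octets (relative to c_buf) and reserve wordsize
 * octets at that position, returning the aligned address.  NOTE(review):
 * presumably returns NULL when the reserved word would pass c_buf + c_len --
 * confirm in cpack.c.
 */
u_int8_t *cpack_align_and_reserve(struct cpack_state *cs, size_t wordsize);

/*
 * Signed readers: identical layout and status to the unsigned readers, with
 * the destination pointer cast so the value is stored through the unsigned
 * API.  Parameter names deliberately avoid the "__" prefix, which is
 * reserved for the implementation.
 */
#define cpack_int8(cs, p)  cpack_uint8((cs), (u_int8_t *)(p))
#define cpack_int16(cs, p) cpack_uint16((cs), (u_int16_t *)(p))
#define cpack_int32(cs, p) cpack_uint32((cs), (u_int32_t *)(p))
#define cpack_int64(cs, p) cpack_uint64((cs), (u_int64_t *)(p))

/*
 * Fast-forward c_next by n octets without decoding anything.  This lets a
 * caller skip a variable-length prefix (the radiotap header and all of its
 * presence bitmaps) while c_buf, set by cpack_init, remains the alignment
 * base for the fields that follow.
 *
 * NOTE(review): n is derived from a length carried in the packet itself, so
 * this must refuse (non-zero return, c_next unchanged) any n that would move
 * the cursor beyond c_buf + c_len -- confirm in cpack.c.
 */
int cpack_advance(struct cpack_state *cs, size_t n);

#endif /* _CPACK_H */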