Skip to content
Permalink
Browse files Browse the repository at this point in the history
(for 4.9.3) LMP: Add some missing bounds checks
In lmp_print_data_link_subobjs(), these problems were identified
through code review.

Moreover:
Add and use tstr[].
Update two tests outputs accordingly.
  • Loading branch information
fxlb committed Aug 18, 2019
1 parent d97e942 commit 0b661e0
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 7 deletions.
9 changes: 8 additions & 1 deletion print-lmp.c
Expand Up @@ -31,6 +31,8 @@
#include "addrtoname.h"
#include "gmpls.h"

static const char tstr[] = " [|LMP]";

/*
* LMP common header
*
Expand Down Expand Up @@ -367,6 +369,7 @@ lmp_print_data_link_subobjs(netdissect_options *ndo, const u_char *obj_tptr,
} bw;

while (total_subobj_len > 0 && hexdump == FALSE ) {
ND_TCHECK_16BITS(obj_tptr + offset);
subobj_type = EXTRACT_8BITS(obj_tptr + offset);
subobj_len = EXTRACT_8BITS(obj_tptr + offset + 1);
ND_PRINT((ndo, "\n\t Subobject, Type: %s (%u), Length: %u",
Expand All @@ -389,11 +392,13 @@ lmp_print_data_link_subobjs(netdissect_options *ndo, const u_char *obj_tptr,
}
switch(subobj_type) {
case INT_SWITCHING_TYPE_SUBOBJ:
ND_TCHECK_8BITS(obj_tptr + offset + 2);
ND_PRINT((ndo, "\n\t Switching Type: %s (%u)",
tok2str(gmpls_switch_cap_values,
"Unknown",
EXTRACT_8BITS(obj_tptr + offset + 2)),
EXTRACT_8BITS(obj_tptr + offset + 2)));
ND_TCHECK_8BITS(obj_tptr + offset + 3);
ND_PRINT((ndo, "\n\t Encoding Type: %s (%u)",
tok2str(gmpls_encoding_values,
"Unknown",
Expand All @@ -403,11 +408,13 @@ lmp_print_data_link_subobjs(netdissect_options *ndo, const u_char *obj_tptr,
bw.i = EXTRACT_32BITS(obj_tptr+offset+4);
ND_PRINT((ndo, "\n\t Min Reservable Bandwidth: %.3f Mbps",
bw.f*8/1000000));
ND_TCHECK_32BITS(obj_tptr + offset + 8);
bw.i = EXTRACT_32BITS(obj_tptr+offset+8);
ND_PRINT((ndo, "\n\t Max Reservable Bandwidth: %.3f Mbps",
bw.f*8/1000000));
break;
case WAVELENGTH_SUBOBJ:
ND_TCHECK_32BITS(obj_tptr + offset + 4);
ND_PRINT((ndo, "\n\t Wavelength: %u",
EXTRACT_32BITS(obj_tptr+offset+4)));
break;
Expand Down Expand Up @@ -1141,7 +1148,7 @@ lmp_print(netdissect_options *ndo,
}
return;
trunc:
ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
ND_PRINT((ndo, "%s", tstr));
}
/*
* Local Variables:
Expand Down
6 changes: 2 additions & 4 deletions tests/lmp-lmp_print_data_link_subobjs-oobr.out
Expand Up @@ -7,8 +7,7 @@ IP (tos 0xfd,ECT(1), ttl 254, id 45839, offset 0, flags [+, DF, rsvd], proto UDP
Remote Interface ID: 3657433088 (0xda000000)
Subobject, Type: Interface Switching Type (1), Length: 4
Switching Type: Unknown (0)
Encoding Type: Unknown (0)
packet exceeded snapshot
Encoding Type: Unknown (0) [|LMP]
IP (tos 0xfd,ECT(1), ttl 254, id 45839, offset 0, flags [+, DF, rsvd], proto UDP (17), length 56871, bad cksum fe07 (->ddf0)!)
17.8.8.255.701 > 40.184.42.8.12:
LMPv1, msg-type: unknown, type: 249, Flags: [none], length: 212
Expand All @@ -18,5 +17,4 @@ IP (tos 0xfd,ECT(1), ttl 254, id 45839, offset 0, flags [+, DF, rsvd], proto UDP
Remote Interface ID: 3657433088 (0xda000000)
Subobject, Type: Interface Switching Type (1), Length: 4
Switching Type: Unknown (0)
Encoding Type: Unknown (0)
packet exceeded snapshot
Encoding Type: Unknown (0) [|LMP]
3 changes: 1 addition & 2 deletions tests/lmpv1_busyloop.out
Expand Up @@ -38,5 +38,4 @@
0x01d0: 0200 0200 0002 0002 0000 0200 0200 0002
0x01e0: 0002 0000 0200 0200 0002 0002 0000 0200
0x01f0: 0200 0002 0002 0000 0200 0200 0002 0002
Unknown Object (0), Class-Type: Unknown (0) Flags: [non-negotiable], length: 512
packet exceeded snapshot
Unknown Object (0), Class-Type: Unknown (0) Flags: [non-negotiable], length: 512 [|LMP]

0 comments on commit 0b661e0

Please sign in to comment.