diff options
| author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2019-10-21 17:36:40 +0200 |
|---|---|---|
| committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2019-10-21 19:11:48 +0200 |
| commit | 78a4ee82226a3fe19981841dfe24d5e9cb437524 (patch) | |
| tree | ef6095c023ebbd2274228257c2b0b10497c2edf1 | |
| parent | 1b428d2dca964cc7a1696559b293749e738c3939 (diff) | |
| download | tcpdump-78a4ee82226a3fe19981841dfe24d5e9cb437524.tar.gz | |
LDP: Fix a length check
In ldp_tlv_print(), the FT Session TLV length must be 12, not 8 (RFC3479)
Moreover:
Update the TLV_TCHECK() macro to remove the useless ND_TCHECK_LEN() call
with the GET_ macros. Thus remain the length check giving a more accurate
output.
Rename a label.
Update the output of a test accordingly.
Add a comment.
Partial update from aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
in 4.9 branch.
| -rw-r--r-- | print-ldp.c | 12 | ||||
| -rw-r--r-- | tests/ldp-ldp_tlv_print-oobr.out | 3 |
2 files changed, 9 insertions, 6 deletions
diff --git a/print-ldp.c b/print-ldp.c index 49379f0d..b747fe7d 100644 --- a/print-ldp.c +++ b/print-ldp.c @@ -231,7 +231,11 @@ static u_int ldp_pdu_print(netdissect_options *, const u_char *); */ #define TLV_TCHECK(minlen) \ - ND_TCHECK_LEN(tptr, minlen); if (tlv_tlen < minlen) goto badtlv; + if (tlv_tlen < minlen) { \ + ND_PRINT(" [tlv length %u < %u]", tlv_tlen, minlen); \ + nd_print_invalid(ndo); \ + goto invalid; \ + } static u_int ldp_tlv_print(netdissect_options *ndo, @@ -487,7 +491,7 @@ ldp_tlv_print(netdissect_options *ndo, break; case LDP_TLV_FT_SESSION: - TLV_TCHECK(8); + TLV_TCHECK(12); ft_flags = GET_BE_U_2(tptr); ND_PRINT("\n\t Flags: [%sReconnect, %sSave State, %sAll-Label Protection, %s Checkpoint, %sRe-Learn State]", ft_flags&0x8000 ? "" : "No ", @@ -495,6 +499,7 @@ ldp_tlv_print(netdissect_options *ndo, ft_flags&0x4 ? "" : "No ", ft_flags&0x2 ? "Sequence Numbered Label" : "All Labels", ft_flags&0x1 ? "" : "Don't "); + /* 16 bits (FT Flags) + 16 bits (Reserved) */ tptr+=4; ui = GET_BE_U_4(tptr); if (ui) @@ -538,8 +543,7 @@ trunc: nd_print_trunc(ndo); return 0; -badtlv: - ND_PRINT("\n\t\t TLV contents go past end of TLV"); +invalid: return(tlv_len+4); /* Type & Length fields not included */ } diff --git a/tests/ldp-ldp_tlv_print-oobr.out b/tests/ldp-ldp_tlv_print-oobr.out index d1e64c8e..f16928b1 100644 --- a/tests/ldp-ldp_tlv_print-oobr.out +++ b/tests/ldp-ldp_tlv_print-oobr.out @@ -3,5 +3,4 @@ LDP, Label-Space-ID: 0.0.127.255:796, pdu-length: 514 Address Withdraw Message (0x0301), length: 22, Message ID: 0x00001600, Flags: [ignore if unknown] Unknown TLV (0x0404), length: 0, Flags: [ignore and don't forward if unknown] - Fault-Tolerant Session Parameters TLV (0x0503), length: 8, Flags: [ignore and don't forward if unknown] - Flags: [No Reconnect, Don't Save State, No All-Label Protection, Sequence Numbered Label Checkpoint, Re-Learn State], Reconnect Timeout: 50331648ms [|ldp] + Fault-Tolerant Session Parameters TLV (0x0503), length: 8, Flags: [ignore and don't forward if unknown] [tlv length 8 < 12] (invalid) [|ldp] |