author | Denis Ovsienko <denis@ovsienko.info> | 2020-09-23 11:16:59 +0100 |
---|---|---|
committer | Denis Ovsienko <denis@ovsienko.info> | 2020-09-24 18:58:45 +0100 |
commit | 07ee811374b9ec7e4c152d12fdc2eaf483555215 (patch) | |
tree | d8e29272b98488587582c751520e53263b8e53ba /print-openflow.c | |
parent | 679a9b46ff71e17862f93547fe0631ba07bbe56e (diff) | |
download | tcpdump-07ee811374b9ec7e4c152d12fdc2eaf483555215.tar.gz |
OpenFlow 1.0: Fix queue properties decoding.

In of10_queue_props_print() the "skip" branch tested and skipped 4 bytes
too many, so a malformed queue property would likely result in an odd
truncation or incorrect decoding of subsequent data (this is based on
code analysis only).

Get the offset and the size right and add a comment to explain it. Add
and update other comments to clarify a few similar subtleties that are
easy to get wrong.
Diffstat (limited to 'print-openflow.c')
-rw-r--r-- | print-openflow.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/print-openflow.c b/print-openflow.c index 894306d1..c82e1368 100644 --- a/print-openflow.c +++ b/print-openflow.c @@ -99,7 +99,13 @@ of_header_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep * the basic header. A message length underrun fails decoding of the rest of * the current packet. At the same time, try decoding as much of the current * message as possible even when it does not end within the current TCP - * segment. */ + * segment. + * + * That is, do NOT require the header "length" to be small enough for + * the full declared OpenFlow message to fit into the remainder of the + * declared TCP segment given to this function, same as the full declared + * TCP segment is not required to fit into the captured packet buffer. + */ if (length < OF_HEADER_LEN) { of_header_print(ndo, version, type, length, xid); goto invalid; |
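
Review bot: The comment block added ahead of `if (length < OF_HEADER_LEN)` states what must not be required of the header "length", but it does not say what does bound the reads once the declared length runs past the TCP segment or the captured buffer. One more sentence naming that guard (the `ep` argument or the per-field bounds checks, whichever applies in this function) would keep a later change from adding a strict length check here or removing the real protection elsewhere. Wording nit in the same block: "same as the full declared TCP segment is not required" reads more easily as "just as the full declared TCP segment is not required".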