author | guy <guy> | 2004-08-27 03:57:40 +0000 |
committer | guy <guy> | 2004-08-27 03:57:40 +0000 |
commit | 99711cd61e54afc6c20c544eaad5b13c1c2338f0 (patch) | |
tree | 3e0597483a04ab9b26540b437e6d73692f1d6d46 /print-pppoe.c | |
parent | 728fd81dac6cc1f1420c7836defc6b01e98c9f61 (diff) | |
download | tcpdump-99711cd61e54afc6c20c544eaad5b13c1c2338f0.tar.gz |
Use %u to print unsigned quantities.
Check, and use, the supplied packet length in the PPPoE dissector. (It
reflects the actual packet length; snapend reflects the captured packet
length.)
As we're now doing bounds checks with TCHECK, the loop over the tagged
fields doesn't have to check against snapend.
Diffstat (limited to 'print-pppoe.c')
-rw-r--r-- | print-pppoe.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/print-pppoe.c b/print-pppoe.c
index d7baa20d..0c0b8f7b 100644
--- a/print-pppoe.c
+++ b/print-pppoe.c
@@ -23,7 +23,7 @@
 #ifndef lint
 static const char rcsid[] _U_ =
-"@(#) $Header: /tcpdump/master/tcpdump/print-pppoe.c,v 1.29 2004-08-27 03:28:58 guy Exp $ (LBL)";
+"@(#) $Header: /tcpdump/master/tcpdump/print-pppoe.c,v 1.30 2004-08-27 03:57:41 guy Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
@@ -101,9 +101,15 @@ pppoe_if_print(const struct pcap_pkthdr *h, register const u_char *p)
 u_int
 pppoe_print(register const u_char *bp, u_int length)
 {
- u_short pppoe_ver, pppoe_type, pppoe_code, pppoe_sessionid, pppoe_length;
+ u_int16_t pppoe_ver, pppoe_type, pppoe_code, pppoe_sessionid;
+ u_int pppoe_length;
 const u_char *pppoe_packet, *pppoe_payload;
+ if (length < PPPOE_HDRLEN) {
+ (void)printf("truncated-pppoe %u", length);
+ return (length);
+ }
+ length -= PPPOE_HDRLEN;
 pppoe_packet = bp;
 TCHECK2(*pppoe_packet, PPPOE_HDRLEN);
 pppoe_ver = (pppoe_packet[0] & 0xF0) >> 4;
@@ -113,11 +119,6 @@ pppoe_print(register const u_char *bp, u_int length)
 pppoe_length = EXTRACT_16BITS(pppoe_packet + 4);
 pppoe_payload = pppoe_packet + PPPOE_HDRLEN;
- if (snapend < pppoe_payload) {
- printf(" truncated PPPoE");
- return (PPPOE_HDRLEN);
- }
-
 if (pppoe_ver != 1) {
 printf(" [ver %d]",pppoe_ver);
 }
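Review bot: The new short-packet branch in the second hunk writes `(void)printf("truncated-pppoe %u", length);` while every other output line in the same function, including `printf(" [ver %d]",pppoe_ver);` a few lines below, calls printf without the cast and with a leading space; one style should be used throughout so the function reads consistently. Note also that the message replaced by this commit, " truncated PPPoE", began with a space whereas the new one does not, so output preceded by other fields may run together; if the leading space was intentional, `(void)printf(" truncated-pppoe %u", length);` keeps the old spacing. pppoe_print continues outside the hunk.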
@@ -127,25 +128,29 @@ pppoe_print(register const u_char *bp, u_int length)
 printf("PPPoE %s", tok2str(pppoecode2str, "PAD-%x", pppoe_code));
 if (pppoe_code == PPPOE_PADI && pppoe_length > 1484 - PPPOE_HDRLEN) {
- printf(" [len %d!]",pppoe_length);
+ printf(" [len %u!]",pppoe_length);
+ }
+ if (pppoe_length > length) {
+ printf(" [len %u > %u!]", pppoe_length, length);
+ pppoe_length = length;
 }
 if (pppoe_sessionid) {
 printf(" [ses 0x%x]", pppoe_sessionid);
 }
- if (pppoe_payload + pppoe_length < snapend && snapend-pppoe_payload+14 > 64) {
+ if (pppoe_length < length && length + ETHER_HDRLEN > 60) {
 /* (small packets are probably just padded up to the ethernet
- minimum of 64 bytes) */
- printf(" [length %d (%d extra bytes)]",
- pppoe_length, snapend - pppoe_payload - pppoe_length);
+ minimum of 60 bytes of data + 4 bytes of CRC) */
+ printf(" [length %u (%u extra bytes)]",
+ pppoe_length, length - pppoe_length);
 #if RESPECT_PAYLOAD_LENGTH
- snapend = pppoe_payload+pppoe_length;
+ if (snaplend > pppoe_payload+pppoe_length)
+ snapend = pppoe_payload+pppoe_length;
 #else
 /* Actual PPPoE implementations appear to ignore the payload length and use the full ethernet frame anyways */
- pppoe_length = snapend-pppoe_payload;
+ pppoe_length = length;
 #endif
-
 }
 if (pppoe_code) {
@@ -155,11 +160,10 @@ pppoe_print(register const u_char *bp, u_int length)
 /*
 * loop invariant:
- * p points to next tag,
+ * p points to current tag,
 * tag_type is previous tag or 0xffff for first iteration
 */
- while (tag_type && p + 4 < pppoe_payload + length &&
- p + 4 < snapend) {
+ while (tag_type && p < pppoe_payload + pppoe_length) {
 TCHECK2(*p, 4);
 tag_type = EXTRACT_16BITS(p);
 tag_len = EXTRACT_16BITS(p + 2); |
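Review bot: The added line `if (snaplend > pppoe_payload+pppoe_length)` inside the RESPECT_PAYLOAD_LENGTH branch references `snaplend`, a name the surrounding code never declares; the variable used everywhere else in this hunk is `snapend`. Because the branch sits under `#if RESPECT_PAYLOAD_LENGTH` and the default build takes the `#else` side, the typo will not be caught by the compiler until someone enables that option, at which point the file stops building. It should read `if (snapend > pppoe_payload+pppoe_length)`. The `1484 - PPPOE_HDRLEN` comparison in the PADI check would also read better as a named constant explaining where 1484 comes from, though that predates this commit. pppoe_print continues outside the hunk.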
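Review bot: The new loop condition `p < pppoe_payload + pppoe_length` only guarantees that one byte of the declared payload remains, yet the body immediately reads a 4-byte tag header; `TCHECK2(*p, 4)` on the next line bounds that read against the captured data (snapend), not against pppoe_length, so a tag header that lies inside the capture but past the end of the declared payload is still parsed and reported. The previous condition kept the whole header inside the payload (strictly, and with an off-by-one that excluded a tag ending exactly at the boundary), so the equivalent check here is `while (tag_type && p + 4 <= pppoe_payload + pppoe_length) {`. The loop body runs past the end of the hunk, so whether tag_len is later clamped to the remaining payload cannot be confirmed from this view.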