--- a/print-aodv.c +++ b/print-aodv.c @@ -41,7 +41,6 @@ static const char rcsid[] _U_ = #include -#include #include #include #include @@ -55,22 +54,14 @@ static const char rcsid[] _U_ = static void aodv_extension(const struct aodv_ext *ep, u_int length) { - u_int i; const struct aodv_hello *ah; switch (ep->type) { case AODV_EXT_HELLO: - if (snapend < (u_char *) ep) { - printf(" [|hello]"); - return; - } - i = min(length, (u_int)(snapend - (u_char *)ep)); - if (i < sizeof(struct aodv_hello)) { - printf(" [|hello]"); - return; - } - i -= sizeof(struct aodv_hello); - ah = (void *)ep; + ah = (const struct aodv_hello *)(const void *)ep; + TCHECK(*ah); + if (length < sizeof(struct aodv_hello)) + goto trunc; printf("\n\text HELLO %ld ms", (unsigned long)EXTRACT_32BITS(&ah->interval)); break; @@ -79,136 +70,135 @@ aodv_extension(const struct aodv_ext *ep, u_int length) printf("\n\text %u %u", ep->type, ep->length); break; } + return; + +trunc: + printf(" [|hello]"); } static void -aodv_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_rreq(const u_char *dat, u_int length) { u_int i; + const struct aodv_rreq *ap = (const struct aodv_rreq *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq)) { - printf(" [|rreq]"); - return; - } - i -= sizeof(ap->rreq); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_id), - ipaddr_string(&ap->rreq.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_ds), - ipaddr_string(&ap->rreq.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ipaddr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ipaddr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); } static void -aodv_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_rrep(const u_char *dat, u_int length) { u_int i; + const struct aodv_rrep *ap = (const struct aodv_rrep *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep)) { - printf(" [|rrep]"); - return; - } - i -= sizeof(ap->rrep); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep.rrep_ps & RREP_PREFIX_MASK, - ap->rrep.rrep_hops, - ipaddr_string(&ap->rrep.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_ds), - ipaddr_string(&ap->rrep.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ipaddr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ipaddr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); } static void -aodv_rerr(const union aodv *ap, const u_char *dat, u_int length) +aodv_rerr(const u_char *dat, u_int length) { - u_int i; - const struct rerr_unreach *dp = NULL; - int n, trunc; + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach *dp; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < offsetof(struct aodv_rerr, r)) { - printf(" [|rerr]"); - return; - } - i -= offsetof(struct aodv_rerr, r); - dp = &ap->rerr.r.dest[0]; - n = ap->rerr.rerr_dc * sizeof(ap->rerr.r.dest[0]); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); - trunc = n - (i/sizeof(ap->rerr.r.dest[0])); - for (; i >= sizeof(ap->rerr.r.dest[0]); - ++dp, i -= sizeof(ap->rerr.r.dest[0])) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); + dp = (struct rerr_unreach *)(dat + sizeof(*ap)); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + TCHECK(*dp); + if (i < sizeof(*dp)) + goto trunc; printf(" {%s}(%ld)", ipaddr_string(&dp->u_da), (unsigned long)EXTRACT_32BITS(&dp->u_ds)); + dp++; + i -= sizeof(*dp); } - if (trunc) - printf("[|rerr]"); + return; + +trunc: + printf("[|rerr]"); } static void #ifdef INET6 -aodv_v6_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rreq(const u_char *dat, u_int length) #else -aodv_v6_rreq(const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rreq(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rreq6 *ap = (const struct aodv_rreq6 *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq6)) { - printf(" [|rreq6]"); - return; - } - i -= sizeof(ap->rreq6); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_id), - ip6addr_string(&ap->rreq6.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_ds), - ip6addr_string(&ap->rreq6.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq6 + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); #else printf(" v6 rreq %u", length); #endif @@ -216,36 +206,35 @@ aodv_v6_rreq(const union aodv *ap _U_, const u_char *dat _U_, u_int length) static void #ifdef INET6 -aodv_v6_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rrep(const u_char *dat, u_int length) #else -aodv_v6_rrep(const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rrep(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rrep6 *ap = (const struct aodv_rrep6 *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep6)) { - printf(" [|rrep6]"); - return; - } - i -= sizeof(ap->rrep6); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6.rrep_hops, - ip6addr_string(&ap->rrep6.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_ds), - ip6addr_string(&ap->rrep6.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep6 + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); #else printf(" rrep %u", length); #endif @@ -253,29 +242,37 @@ aodv_v6_rrep(const union aodv *ap _U_, const u_char *dat _U_, u_int length) static void #ifdef INET6 -aodv_v6_rerr(const union aodv *ap, u_int length) +aodv_v6_rerr(const u_char *dat, u_int length) #else -aodv_v6_rerr(const union aodv *ap _U_, u_int length) +aodv_v6_rerr(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach6 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6[0]); - dp6 = &ap->rerr.r.dest6[0]; - n = ap->rerr.rerr_dc * j; + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); + dp6 = (struct rerr_unreach6 *)(void *)(ap + 1); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + TCHECK(*dp6); + if (i < sizeof(*dp6)) + goto trunc; printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds)); + dp6++; + i -= sizeof(*dp6); } - if (trunc) - printf("[|rerr]"); + return; + +trunc: + printf("[|rerr]"); #else printf(" rerr %u", length); #endif @@ -283,40 +280,38 @@ aodv_v6_rerr(const union aodv *ap _U_, u_int length) static void #ifdef INET6 -aodv_v6_draft_01_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rreq(const u_char *dat, u_int length) #else -aodv_v6_draft_01_rreq(const union aodv *ap _U_, const u_char *dat _U_, - u_int length) +aodv_v6_draft_01_rreq(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rreq6_draft_01 *ap = (const struct aodv_rreq6_draft_01 *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq6_draft_01)) { - printf(" [|rreq6]"); - return; - } - i -= sizeof(ap->rreq6_draft_01); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6_draft_01.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6_draft_01.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_id), - ip6addr_string(&ap->rreq6_draft_01.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_ds), - ip6addr_string(&ap->rreq6_draft_01.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq6_draft_01 + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); #else printf(" rreq %u", length); #endif @@ -324,37 +319,35 @@ aodv_v6_draft_01_rreq(const union aodv *ap _U_, const u_char *dat _U_, static void #ifdef INET6 -aodv_v6_draft_01_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rrep(const u_char *dat, u_int length) #else -aodv_v6_draft_01_rrep(const union aodv *ap _U_, const u_char *dat _U_, - u_int length) +aodv_v6_draft_01_rrep(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rrep6_draft_01 *ap = (const struct aodv_rrep6_draft_01 *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep6_draft_01)) { - printf(" [|rrep6]"); - return; - } - i -= sizeof(ap->rrep6_draft_01); + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6_draft_01.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6_draft_01.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6_draft_01.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6_draft_01.rrep_hops, - ip6addr_string(&ap->rrep6_draft_01.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_ds), - ip6addr_string(&ap->rrep6_draft_01.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep6_draft_01 + 1), i); + aodv_extension((const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + printf(" [|rreq"); #else printf(" rrep %u", length); #endif @@ -362,29 +355,37 @@ aodv_v6_draft_01_rrep(const union aodv *ap _U_, const u_char *dat _U_, static void #ifdef INET6 -aodv_v6_draft_01_rerr(const union aodv *ap, u_int length) +aodv_v6_draft_01_rerr(const u_char *dat, u_int length) #else -aodv_v6_draft_01_rerr(const union aodv *ap _U_, u_int length) +aodv_v6_draft_01_rerr(const u_char *dat _U_, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6_draft_01 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach6_draft_01 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6_draft_01[0]); - dp6 = &ap->rerr.r.dest6_draft_01[0]; - n = ap->rerr.rerr_dc * j; + TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); + dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + TCHECK(*dp6); + if (i < sizeof(*dp6)) + goto trunc; printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds)); + dp6++; + i -= sizeof(*dp6); } - if (trunc) - printf("[|rerr]"); + return; + +trunc: + printf("[|rerr]"); #else printf(" rerr %u", length); #endif @@ -393,40 +394,37 @@ aodv_v6_draft_01_rerr(const union aodv *ap _U_, u_int length) void aodv_print(const u_char *dat, u_int length, int is_ip6) { - const union aodv *ap; - - ap = (union aodv *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - if (min(length, (u_int)(snapend - dat)) < sizeof(ap->rrep_ack)) { - printf(" [|aodv]"); - return; - } + u_int8_t msg_type; + + /* + * The message type is the first byte; make sure we have it + * and then fetch it. + */ + TCHECK(*dat); + msg_type = *dat; printf(" aodv"); - switch (ap->rerr.rerr_type) { + switch (msg_type) { case AODV_RREQ: if (is_ip6) - aodv_v6_rreq(ap, dat, length); + aodv_v6_rreq(dat, length); else - aodv_rreq(ap, dat, length); + aodv_rreq(dat, length); break; case AODV_RREP: if (is_ip6) - aodv_v6_rrep(ap, dat, length); + aodv_v6_rrep(dat, length); else - aodv_rrep(ap, dat, length); + aodv_rrep(dat, length); break; case AODV_RERR: if (is_ip6) - aodv_v6_rerr(ap, length); + aodv_v6_rerr(dat, length); else - aodv_rerr(ap, dat, length); + aodv_rerr(dat, length); break; case AODV_RREP_ACK: @@ -434,15 +432,15 @@ aodv_print(const u_char *dat, u_int length, int is_ip6) break; case AODV_V6_DRAFT_01_RREQ: - aodv_v6_draft_01_rreq(ap, dat, length); + aodv_v6_draft_01_rreq(dat, length); break; case AODV_V6_DRAFT_01_RREP: - aodv_v6_draft_01_rrep(ap, dat, length); + aodv_v6_draft_01_rrep(dat, length); break; case AODV_V6_DRAFT_01_RERR: - aodv_v6_draft_01_rerr(ap, length); + aodv_v6_draft_01_rerr(dat, length); break; case AODV_V6_DRAFT_01_RREP_ACK: @@ -450,6 +448,10 @@ aodv_print(const u_char *dat, u_int length, int is_ip6) break; default: - printf(" %u %u", ap->rreq.rreq_type, length); + printf(" type %u %u", msg_type, length); } + return; + +trunc: + printf(" [|aodv]"); }