From dfd222c04437e40cc6127c3f5e1dcb60051096dc Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Tue, 28 Feb 2023 10:04:51 +0000 Subject: Adjust default_print() to not run over snapend. Kill default_print_unaligned() and adjust default_print() to also work with unaligned buffers. There is no need for two functions doing the same thing. Pass the right length in nsh_print to default_print(). Fixes on place that makes tcpdump crash. Reported by Peter J. Philipp (pjp at delphinusdns dot org) OK mbuhl@ --- usr.sbin/tcpdump/interface.h | 5 ++-- usr.sbin/tcpdump/print-isoclns.c | 6 ++--- usr.sbin/tcpdump/print-llc.c | 6 ++--- usr.sbin/tcpdump/print-nsh.c | 4 ++-- usr.sbin/tcpdump/tcpdump.c | 51 +++++++++------------------------------- 5 files changed, 21 insertions(+), 51 deletions(-) diff --git a/usr.sbin/tcpdump/interface.h b/usr.sbin/tcpdump/interface.h index 602be405723..4e055f3eb80 100644 --- a/usr.sbin/tcpdump/interface.h +++ b/usr.sbin/tcpdump/interface.h @@ -1,4 +1,4 @@ -/* $OpenBSD: interface.h,v 1.86 2020/08/17 06:29:29 dlg Exp $ */ +/* $OpenBSD: interface.h,v 1.87 2023/02/28 10:04:50 claudio Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -20,7 +20,7 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * @(#) $Id: interface.h,v 1.86 2020/08/17 06:29:29 dlg Exp $ (LBL) + * @(#) $Id: interface.h,v 1.87 2023/02/28 10:04:50 claudio Exp $ (LBL) */ #ifndef tcpdump_interface_h 
@@ -199,7 +199,6 @@ extern void bootp_print(const u_char *, u_int, u_short, u_short); extern void bgp_print(const u_char *, int); extern void decnet_print(const u_char *, u_int, u_int); extern void default_print(const u_char *, u_int); -extern void default_print_unaligned(const u_char *, u_int); extern void dvmrp_print(const u_char *, u_int); extern void egp_print(const u_char *, u_int, const u_char *); extern void enc_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); diff --git a/usr.sbin/tcpdump/print-isoclns.c b/usr.sbin/tcpdump/print-isoclns.c index 0c94a02ff2c..ea2edac3d7a 100644 --- a/usr.sbin/tcpdump/print-isoclns.c +++ b/usr.sbin/tcpdump/print-isoclns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-isoclns.c,v 1.15 2021/12/01 18:28:46 deraadt Exp $ */ +/* $OpenBSD: print-isoclns.c,v 1.16 2023/02/28 10:04:50 claudio Exp $ */ /* * Copyright (c) 1992, 1993, 1994, 1995, 1996 @@ -88,7 +88,7 @@ isoclns_print(const u_char *p, u_int length, u_int caplen, /* isis_print(&p, &length); */ printf(" len=%d ", length); if (caplen > 1) - default_print_unaligned(p, caplen); + default_print(p, caplen); break; case NULLNS: @@ -107,7 +107,7 @@ isoclns_print(const u_char *p, u_int length, u_int caplen, etheraddr_string(edst)); printf(" len=%d ", length); if (caplen > 1) - default_print_unaligned(p, caplen); + default_print(p, caplen); break; } } diff --git a/usr.sbin/tcpdump/print-llc.c b/usr.sbin/tcpdump/print-llc.c index 14829688033..ed48dc46a25 100644 --- a/usr.sbin/tcpdump/print-llc.c +++ b/usr.sbin/tcpdump/print-llc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-llc.c,v 1.22 2020/01/24 22:46:37 procter Exp $ */ +/* $OpenBSD: print-llc.c,v 1.23 2023/02/28 10:04:50 claudio Exp $ */ /* * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997 @@ -219,7 +219,7 @@ llc_print(const u_char *p, u_int length, u_int caplen, printf("%s/%c", m, f); if (caplen < 6) { - default_print_unaligned(p, caplen); + default_print(p, caplen); return (0); } p += 3; 
@@ -248,7 +248,7 @@ llc_print(const u_char *p, u_int length, u_int caplen, } else { char f; if (caplen < 4) { - default_print_unaligned(p, caplen); + default_print(p, caplen); return (0); } llc.llcis = ntohs(llc.llcis); diff --git a/usr.sbin/tcpdump/print-nsh.c b/usr.sbin/tcpdump/print-nsh.c index f21fe690119..9d66bf114dc 100644 --- a/usr.sbin/tcpdump/print-nsh.c +++ b/usr.sbin/tcpdump/print-nsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print-nsh.c,v 1.1 2019/12/03 01:43:33 dlg Exp $ */ +/* $OpenBSD: print-nsh.c,v 1.2 2023/02/28 10:04:50 claudio Exp $ */ /* * Copyright (c) 2019 David Gwynne @@ -214,7 +214,7 @@ nsh_print(const u_char *p, u_int length) } if (vflag) - default_print_unaligned(p, length); + default_print(p, l); return; trunc: diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index fccccd46473..336f4efbf3d 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.97 2022/07/09 23:24:44 halex Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.98 2023/02/28 10:04:50 claudio Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 
@@ -632,44 +632,15 @@ default_print_ascii(const u_char *cp, unsigned int length) } } -/* Like default_print() but data need not be aligned */ -void -default_print_unaligned(const u_char *cp, u_int length) -{ - u_int i, s; - int nshorts; - - if (Xflag) { - /* dump the buffer in `emacs-hexl' style */ - default_print_hexl(cp, length); - } else if (Aflag) { - /* dump the text in the buffer */ - default_print_ascii(cp, length); - } else { - /* dump the buffer in old tcpdump style */ - nshorts = (u_int) length / sizeof(u_short); - i = 0; - while (--nshorts >= 0) { - if ((i++ % 8) == 0) - printf("\n\t\t\t"); - s = *cp++; - printf(" %02x%02x", s, *cp++); - } - if (length & 1) { - if ((i % 8) == 0) - printf("\n\t\t\t"); - printf(" %02x", *cp); - } - } -} - void default_print(const u_char *bp, u_int length) { - const u_short *sp; u_int i; int nshorts; + if (snapend - bp < length) + length = snapend - bp; + if (Xflag) { /* dump the buffer in `emacs-hexl' style */ default_print_hexl(bp, length); @@ -677,23 +648,23 @@ default_print(const u_char *bp, u_int length) /* dump the text in the buffer */ default_print_ascii(bp, length); } else { + u_short sp; + /* dump the buffer in old tcpdump style */ - if ((long)bp & 1) { - default_print_unaligned(bp, length); - return; - } - sp = (u_short *)bp; nshorts = (u_int) length / sizeof(u_short); i = 0; while (--nshorts >= 0) { if ((i++ % 8) == 0) printf("\n\t\t\t"); - printf(" %04x", ntohs(*sp++)); + + sp = (u_short)*bp++ << 8; + sp |= *bp++; + printf(" %04x", sp); } if (length & 1) { if ((i % 8) == 0) printf("\n\t\t\t"); - printf(" %02x", *(u_char *)sp); + printf(" %02x", *bp); } } } -- cgit v1.2.3
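Review bot: The new clamp at the top of default_print() only holds when `bp <= snapend`, because `snapend - bp` is a signed pointer difference compared against the unsigned `length`. If a caller ever passes a pointer already beyond snapend, on LP64 the negative difference satisfies the test and `length = snapend - bp` stores it as a very large u_int. Where ptrdiff_t is no wider than u_int, the difference is converted to unsigned, the test fails, and `length` is left unclamped. Either way the dump loops would still read past the captured data. Whether any printer can reach this function with such a pointer is not visible in this hunk, so an explicit guard before the clamp would make the function safe on its own: `if (bp > snapend) return;` followed by `if ((u_int)(snapend - bp) < length) length = snapend - bp;`. As a smaller style point, `sp` now holds an assembled 16-bit value rather than a pointer, so a name such as `word` would read more clearly.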