diff options
| author | Guy Harris <guy@alum.mit.edu> | 2014-10-19 13:42:00 -0700 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2014-11-19 00:33:49 -0800 |
| commit | 2784f92acbf25e3574bbe283a7e1ae8a745a4347 (patch) | |
| tree | d1cd787b3cb6696b78e8f5af4fdb47cddcfdd7ad | |
| parent | 9d26c4b0ec742343aaac929a1866aed53ff8703a (diff) | |
| download | tcpdump-2784f92acbf25e3574bbe283a7e1ae8a745a4347.tar.gz | |
Use the length field in the UDP header.
If it's less than the length of the IP payload, use it as the size of
the UDP packet. If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.
| -rw-r--r-- | config.h.in | 3 | ||||
| -rw-r--r-- | print-udp.c | 40 |
2 files changed, 30 insertions, 13 deletions
diff --git a/config.h.in b/config.h.in index 9ee068be..1361afb2 100644 --- a/config.h.in +++ b/config.h.in @@ -261,6 +261,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION diff --git a/print-udp.c b/print-udp.c index 885d42e4..319e8e8a 100644 --- a/print-udp.c +++ b/print-udp.c @@ -378,7 +378,6 @@ udp_print(register const u_char *bp, u_int length, else ip6 = NULL; #endif /*INET6*/ - cp = (u_char *)(up + 1); if (!TTEST(up->uh_dport)) { udpipaddr_print(ip, -1, -1); (void)printf("[|udp]"); @@ -393,20 +392,24 @@ udp_print(register const u_char *bp, u_int length, (void)printf("truncated-udp %d", length); return; } - length -= sizeof(struct udphdr); - - if (cp > snapend) { + ulen = EXTRACT_16BITS(&up->uh_ulen); + if (ulen < sizeof(struct udphdr)) { udpipaddr_print(ip, sport, dport); - (void)printf("[|udp]"); + printf("truncated-udplength %d", ulen); return; } + ulen -= sizeof(struct udphdr); + length -= sizeof(struct udphdr); + if (ulen < length) + length = ulen; - ulen = EXTRACT_16BITS(&up->uh_ulen); - if (ulen < 8) { + cp = (u_char *)(up + 1); + if (cp > snapend) { udpipaddr_print(ip, sport, dport); - (void)printf("truncated-udplength %d", ulen); + printf("[|udp]"); return; } + if (packettype) { register struct sunrpc_msg *rp; enum sunrpc_msg_type direction; @@ -658,12 +661,23 @@ udp_print(register const u_char *bp, u_int length, sip_print((const u_char *)(up + 1), length); else if (ISPORT(SYSLOG_PORT)) syslog_print((const u_char *)(up + 1), length); - else - (void)printf("UDP, length %u", - (u_int32_t)(ulen - sizeof(*up))); + else { + if (ulen > length) + printf("UDP, bad length %u > %u", + ulen, length); + else + printf("UDP, length %u", + (uint32_t)(ulen - sizeof(*up))); + } #undef ISPORT - } else - (void)printf("UDP, length %u", (u_int32_t)(ulen - sizeof(*up))); + } else { + if (ulen > length) + printf("UDP, bad length %u > %u", + ulen, length); + else + printf("UDP, length %u", + (uint32_t)(ulen - sizeof(*up))); + } } |