| Commit message (Collapse) | Author | Age | Files | Lines |
| |
just add some additional TCHECK/TCHECK2 bounds checks to the code that
dissects attributes and let that handle the snapshot length checks.
Do the length check once per attribute, rather than doing a single check
up front.
Use TCHECK/TCHECK2 and TTEST/TTEST2, so that we print "too short"
indications. Make the "too short" indications all look the same.
Rename "radius_attr_print()" to "radius_attrs_print()" to make it
clearer that it has a loop to print all attributes, rather than just
printing one attribute.
As per Steiner Haug, the length of a vendor-specific attribute includes
the type and length bytes, so subtract two from the length to get the
length of the attribute's data.
| |
"const u_char *", not a "const char *".
Clean up a comment.
| |
The first critical piece of code is found in print-isakmp.c:332. The
function rawprint() does not check its arguments thus it's easy for
an attacker to pass a big 'len' or a bogus 'loc' leading to a
segmentation fault in the for loop.
The second bug is located in print-radius.c:471. The for loop of
print_attr_string() is written in an unsafe manner. 'length'
and 'data' should be checked.
| |
-add print_vendor_attr() for dissecting vendor proprietary attributes
-add global oui.h oui.c files containing vendor IDs/Name tok2str() table
developers should use this file for resolving OUIs
| |
appropriately, and that GNUmakefile and the MSVC++ project file define
it appropriately, as we do with libpcap, rather than defining it in
"interface.h".
Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
| |
use "_U_" in the definitions of "rcsid[]", to eliminate
complaints about those variables being unused;
move the definitions after the include of "interface.h", or add
an include of "interface.h", so that "_U_" is defined.
Include "config.h" before including "tcpdump-stdinc.h" in
"missing/datalinks.c".
| |
compile with Sun C, as "interface.h" isn't being included before the
structures are being declared.
Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun
C to generate code that's safe with unaligned accesses, as
"__attribute__" is defined as a do-nothing macro with compilers that
don't support it.
Therefore, we get rid of that tag on the structures to which it was
added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch
16-bit and 32-bit big-endian quantities from packets. We also fix some
other references to multi-byte quantities to get rid of code that tries
to do unaligned loads on platforms that don't support them.
We also throw in a hack that makes those macros use
"__attribute__((packed))" on structures containing only one 16-bit or
32-bit integer to get the compiler to generate unaligned-safe code
rather than doing it by hand. (GCC on SPARC produces the same code that
doing it by hand does; I don't know if GCC on any other big-endian
strict-alignment processor generates better code for that case. On
little-endian processors, as "ntohs()" and "ntohl()" might be functions,
that might actually produce worse code.)
Fix some places to use "%u" rather than "%d" to print unsigned
quantities.
| |
forth while I'm here
| |
From Neil T. Spring: fixes for many of those warnings:
addrtoname.c, configure.in: Linux needs netinet/ether.h for
ether_ntohost
print-*.c: change char *foo = "bar" to const char *foo = "bar"
to appease -Wwrite-strings; should affect no run-time behavior.
print-*.c: make some variables unsigned.
print-bgp.c: plen ('prefix len') is unsigned, no reason to
validate by comparing to zero.
print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
instead of inet_ntoa.
print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
be false, so check for (u_int)-1, which represents failure,
explicitly.
print-isakmp.c: complete initialization of attrmap objects.
print-lwres.c: "if(x); print foo;" seemed much more likely to be
intended to be "if(x) { print foo; }".
print-smb.c: complete initialization of some structures.
In addition, add some fixes for the signed vs. unsigned comparison
warnings:
extract.h: cast the result of the byte-extraction-and-combining,
as, at least for the 16-bit version, C's integral promotions
will turn "u_int16_t" into "int" if there are other "int"s
nearby.
print-*.c: make some more variables unsigned, or add casts to an
unsigned type of signed values known not to be negative, or add
casts to "int" of unsigned values known to fit in an "int", and
make other changes needed to handle the aforementioned variables
now being unsigned.
print-isakmp.c: clean up the handling of error/status indicators
in notify messages.
print-ppp.c: get rid of a check that an unsigned quantity is >=
0.
print-radius.c: clean up some of the bounds checking.
print-smb.c: extract the word count into a "u_int" to avoid the
aforementioned problems with C's integral promotions.
print-snmp.c: change a check that an unsigned variable is >= 0
to a check that it's != 0.
Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
| |
are included by <tcpdump-stdinc.h>, so we don't have to include them
explicitly; <errno.h> isn't needed by print routines).
| |
Submitted by: Anonymous sourceforge user (req ID 576536)
| |
the packet data pointer from the code to print a 32-bit RADIUS numerical
attribute value (the increment made sense for TUNNEL_TYPE and
TUNNEL_MEDIUM attributes, which have an 8-bit tag and 24-bit value, and
the increment skips over the tag after printing it; however, for other
attributes, with a 32-bit value, it's bogus).
| |
as it's a multiple of 4, it's probably not a problem on the most common
offender here, GCC-on-ARM).
Hand to the code that dissects RADIUS attributes, as the length of the
attributes,
min(payload length, captured payload length, length from header)
minus the size of the fixed-length fields in the RADIUS packet.
When printing RADIUS attributes, quit if we find one with a zero length,
rather than looping infinitely.
| |
<string.h> in "print-cip.c" and "print-radius.c" to properly declare
"memcmp()" and "strcpy()".
| |
or equal to 2 (the length includes the two bytes of type and length).
Don't print the values of RADIUS attributes that are supposed to be of a
particular length if they have a different length.
Don't use the result of "ctime()", unmodified, when printing an
attribute value; the string "ctime()" supplies includes a newline, which
we need to remove.
The "PRINT_HEX()" macro expands into code that modifies its first
argument; always set the variable in question to the appropriate value
before calling the macro.
| |
layout definitions, as per Alfredo Andrés's suggestion.
Don't use expressions with side effects inside EXTRACT macros - the
arguments of those macros are used more than once, so the side-effects
(incrementing the pointer) occur more than once, and they occur in a
sequence that may not be the same for all compilers.
When printing a UNIX time value, extract the value into a "time_t"
variable, and then pass a pointer to that variable to "ctime()", don't
cast the result of "EXTRACT_32BITS()" to a pointer. Also, when printing
the result of "ctime()", print only the first 24 characters, so that the
newline at the end isn't printed.
Cast the first argument passed to "radius_attr_print()", and the
argument passed to the print function for an attribute, to "u_char *",
not "char *", as those routines expect a "u_char *".
| |
rather than the OS's <netinet/ip.h> and <netinet/udp.h>.
As per Bill Fenner's suggestion, print single-byte 2-digit hex values
with "%02X" rather than manually pulling the nibbles out of the byte and
converting them.
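
The attribute-walking rules these commit messages describe (attribute area bounded by min(payload length, captured payload length, length from header) minus the fixed-length fields, one bounds check per attribute, stop on a length below 2), as an added example. This is not tcpdump's code; `walk_radius_attrs`, the `WALK_*` codes and the sample packets are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>

#define RAD_HDR_LEN 20   /* code, id, 2-byte length, 16-byte authenticator */
enum { WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2 };   /* hypothetical codes */

/* Constructed packets: two well-formed attributes / one zero-length attribute. */
static const unsigned char good_pkt[31] = { [0] = 1, [1] = 42, [3] = 31,
    [20] = 1, [21] = 5, [22] = 'b', [23] = 'o', [24] = 'b', [25] = 5, [26] = 6, [30] = 7 };
static const unsigned char zero_len_pkt[22] = { [0] = 1, [3] = 22, [20] = 1, [21] = 0 };

/* Returns the number of complete attributes, or a negative WALK_* code.
 * caplen: bytes actually captured; paylen: payload length on the wire. */
int walk_radius_attrs(const unsigned char *pkt, size_t caplen, size_t paylen)
{
    if (caplen < RAD_HDR_LEN)
        return WALK_TRUNCATED;
    size_t hdrlen = ((size_t)pkt[2] << 8) | pkt[3];   /* byte-wise, no unaligned load */
    size_t limit = paylen < caplen ? paylen : caplen;
    if (hdrlen < limit)
        limit = hdrlen;               /* min(payload, captured, header length) */
    if (limit < RAD_HDR_LEN)
        return WALK_BAD_LENGTH;
    const unsigned char *p = pkt + RAD_HDR_LEN;
    size_t left = limit - RAD_HDR_LEN;
    int count = 0;
    while (left > 0) {
        if (left < 2)                 /* type and length bytes must both be present */
            return WALK_TRUNCATED;
        size_t alen = p[1];
        if (alen < 2)                 /* length includes its own 2 bytes; 0 would never advance */
            return WALK_BAD_LENGTH;
        if (alen > left)              /* checked once per attribute, not once up front */
            return WALK_TRUNCATED;
        printf("attr type %u, %zu data bytes\n", (unsigned)p[0], alen - 2);
        p += alen;
        left -= alen;
        count++;
    }
    return count;
}

int main(void)
{
    printf("complete: %d\n", walk_radius_attrs(good_pkt, sizeof good_pkt, sizeof good_pkt));
    printf("snapped:  %d\n", walk_radius_attrs(good_pkt, 28, sizeof good_pkt));
    printf("zero len: %d\n", walk_radius_attrs(zero_len_pkt, sizeof zero_len_pkt, sizeof zero_len_pkt));
    return 0;
}
```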