From 1ef47c304f226ca9f8a8d6bff1b43e617eafef19 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Mon, 21 Aug 2023 23:15:14 -0700 Subject: [PATCH] pgm: fix the way we step through the packet. Step past the PGM header after we finish processing it and before we process the message-type-specific header. Step past the message-type-specific fixed-length header before we process the stuff after that header. This makes the code a bit clearer (by explicitly advancing bp by the size of the stuff we just processed, rather than doing so by trickery involving adding 1 to a pointer to a structure), and fixes the processing of message types that don't have a message-type-specific header (where we weren't stepping past the PGM header). It also affects the way we handle messages of an unknown type. (cherry picked from commit 9a3eebde95cf1032ac68ae4312e2db14bb1fe58d) --- print-pgm.c | 29 +++++++++++++++-------------- tests/pgm_opts_asan.out | 2 +- tests/pgm_opts_asan_2.out | 2 +- tests/pgm_opts_asan_3.out | 2 +- 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/print-pgm.c b/print-pgm.c index 7672b616..f5ef7702 100644 --- a/print-pgm.c +++ b/print-pgm.c @@ -218,13 +218,14 @@ pgm_print(netdissect_options *ndo, pgm->pgm_gsid[3], pgm->pgm_gsid[4], pgm->pgm_gsid[5])); + bp += sizeof(struct pgm_header); switch (pgm->pgm_type) { case PGM_SPM: { const struct pgm_spm *spm; - spm = (const struct pgm_spm *)(pgm + 1); + spm = (const struct pgm_spm *)bp; ND_TCHECK(*spm); - bp = (const u_char *) (spm + 1); + bp += sizeof(struct pgm_spm); switch (EXTRACT_16BITS(&spm->pgms_nla_afi)) { case AFNUM_INET: @@ -253,21 +254,21 @@ pgm_print(netdissect_options *ndo, case PGM_POLL: { const struct pgm_poll *poll_msg; - poll_msg = (const struct pgm_poll *)(pgm + 1); + poll_msg = (const struct pgm_poll *)bp; ND_TCHECK(*poll_msg); ND_PRINT((ndo, "POLL seq %u round %u", EXTRACT_32BITS(&poll_msg->pgmp_seq), EXTRACT_16BITS(&poll_msg->pgmp_round))); - bp = (const u_char *) (poll_msg + 1); + bp += sizeof(struct pgm_poll); break; } case PGM_POLR: { const struct pgm_polr *polr; uint32_t ivl, rnd, mask; - polr = (const struct pgm_polr *)(pgm + 1); + polr = (const struct pgm_polr *)bp; ND_TCHECK(*polr); - bp = (const u_char *) (polr + 1); + bp += sizeof(struct pgm_polr); switch (EXTRACT_16BITS(&polr->pgmp_nla_afi)) { case AFNUM_INET: @@ -305,24 +306,24 @@ pgm_print(netdissect_options *ndo, case PGM_ODATA: { const struct pgm_data *odata; - odata = (const struct pgm_data *)(pgm + 1); + odata = (const struct pgm_data *)bp; ND_TCHECK(*odata); ND_PRINT((ndo, "ODATA trail %u seq %u", EXTRACT_32BITS(&odata->pgmd_trailseq), EXTRACT_32BITS(&odata->pgmd_seq))); - bp = (const u_char *) (odata + 1); + bp += sizeof(struct pgm_data); break; } case PGM_RDATA: { const struct pgm_data *rdata; - rdata = (const struct pgm_data *)(pgm + 1); + rdata = (const struct pgm_data *)bp; ND_TCHECK(*rdata); ND_PRINT((ndo, "RDATA trail %u seq %u", EXTRACT_32BITS(&rdata->pgmd_trailseq), EXTRACT_32BITS(&rdata->pgmd_seq))); - bp = (const u_char *) (rdata + 1); + bp += sizeof(struct pgm_data); break; } @@ -332,9 +333,9 @@ pgm_print(netdissect_options *ndo, const struct pgm_nak *nak; char source_buf[INET6_ADDRSTRLEN], group_buf[INET6_ADDRSTRLEN]; - nak = (const struct pgm_nak *)(pgm + 1); + nak = (const struct pgm_nak *)bp; ND_TCHECK(*nak); - bp = (const u_char *) (nak + 1); + bp += sizeof(struct pgm_nak); /* * Skip past the source, saving info along the way @@ -402,11 +403,11 @@ pgm_print(netdissect_options *ndo, case PGM_ACK: { const struct pgm_ack *ack; - ack = (const struct pgm_ack *)(pgm + 1); + ack = (const struct pgm_ack *)bp; ND_TCHECK(*ack); ND_PRINT((ndo, "ACK seq %u", EXTRACT_32BITS(&ack->pgma_rx_max_seq))); - bp = (const u_char *) (ack + 1); + bp += sizeof(struct pgm_ack); break; } diff --git a/tests/pgm_opts_asan.out b/tests/pgm_opts_asan.out index cc0607a4..b75868ac 100644 --- a/tests/pgm_opts_asan.out +++ b/tests/pgm_opts_asan.out @@ -1,2 +1,2 @@ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->9eb9)!) - 128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13] OPT_06 [26] PATH_NLA [4] [|OPT] + 128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4] diff --git a/tests/pgm_opts_asan_2.out b/tests/pgm_opts_asan_2.out index 7e948d41..21cd69a7 100644 --- a/tests/pgm_opts_asan_2.out +++ b/tests/pgm_opts_asan_2.out @@ -1,2 +1,2 @@ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->96b9)!) - 128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13] OPT_06 [26] [Bad OPT_PGMCC_DATA option, length 4 < 12] + 128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4] diff --git a/tests/pgm_opts_asan_3.out b/tests/pgm_opts_asan_3.out index 8a6bffd3..f3da1d38 100644 --- a/tests/pgm_opts_asan_3.out +++ b/tests/pgm_opts_asan_3.out @@ -1,2 +1,2 @@ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->f814)!) - 128.121.89.16 > 0.89.16.63: 128.121.89.16.4 > 0.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13] OPT_06 [26] [Bad OPT_REDIRECT option, length 4 < 8] + 128.121.89.16 > 0.89.16.63: 128.121.89.16.4 > 0.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4] -- 2.41.0