From: Francois-Xavier Le Bail
Date: Sat, 26 Aug 2023 19:36:09 +0000 (+0200)
Subject: IPv6: Report another invalid case as invalid, not truncated
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/7830dc93c7bd42d3e8eb175023590eb610c6c0e2
IPv6: Report another invalid case as invalid, not truncated
This is in the jumbo case. When the payload+header length is > (original) length, output example: [payload+header length 65577 > length 65576] (invalid) We treat this as a warning and so don't stop decoding (as before). Add a test file. Update two test outputs accordingly.
---
diff --git a/print-ip6.c b/print-ip6.c
index ba086bc5..827151eb 100644
--- a/print-ip6.c
+++ b/print-ip6.c
@@ -434,9 +434,12 @@ ip6_print(netdissect_options *ndo, const u_char *bp, u_int length)
 len = payload_len + sizeof(struct ip6_hdr);
 if (len < total_advance)
 goto trunc;
- if (length < len)
- ND_PRINT("truncated-ip6 - %u bytes missing!",
- len - length);
+ if (len > length) {
+ ND_PRINT("[payload+header length %u > length %u]",
+ len, length);
+ nd_print_invalid(ndo);
+ ND_PRINT(" ");
+ }
 nd_change_snaplen(ndo, bp, len);
 
 /*
diff --git a/tests/TESTLIST b/tests/TESTLIST
index a6698fca..8cfd3442 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -361,6 +361,7 @@ ipv6-srh-tlv-pad1-padn-5 ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5.
 ipv6-srh-tlv-pad1-padn-5-v ipv6-srh-tlv-pad1-padn-5.pcap ipv6-srh-tlv-pad1-padn-5-v.out -v
 ipv6_invalid_length ipv6_invalid_length.pcap ipv6_invalid_length.out
 ipv6_invalid_length_2 ipv6_invalid_length_2.pcap ipv6_invalid_length_2.out -v
+ipv6_jumbogram_invalid_length ipv6_jumbogram_invalid_length.pcap ipv6_jumbogram_invalid_length.out -v
 
 # Loopback/CTP test case
 loopback loopback.pcap loopback.out
diff --git a/tests/ipv6-too-long-jumbo.out b/tests/ipv6-too-long-jumbo.out
index c5ccb838..d40d6601 100644
--- a/tests/ipv6-too-long-jumbo.out
+++ b/tests/ipv6-too-long-jumbo.out
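Review bot: In the print-ip6.c hunk (ip6_print), the new `len > length` branch only warns, so the packet-supplied jumbo length is still passed to `nd_change_snaplen(ndo, bp, len)` and carried forward even though it exceeds the packet length. That matches the commit message's stated intent, but nothing at the site records what keeps later reads in bounds; a comment such as `/* Warning only: len is untrusted and may exceed length; nd_change_snaplen() must never extend the snapshot, and upper layers must bounds-check against it, not len */` would document the assumption (the helper's behaviour is not visible here and should be confirmed). Separately, if `payload_len` and `len` are 32-bit unsigned (their declarations are outside the hunk), a jumbo value within `sizeof(struct ip6_hdr)` of the maximum wraps the sum and falls into the `len < total_advance` / `goto trunc` path above, so it would be reported as truncated rather than invalid. ip6_print() begins and ends outside this hunk.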
@@ -1 +1 @@
- 1 12:40:23.226395 IP6 (class 0xc0, hlim 0, next-header Options (0) payload length: 0) 1:6:1a28:312:d7cb:b318:34e5:d3ea > 2b7f:cd1f:ec3c:fb9c:e731:d16b:a8fe:ba8c: HBH (opt_type 0x1a: len=0)(padn)(opt_type 0x16: len=0)(opt_type 0x64: len=114)(jumbo: 3858694210) (opt_type 0x42: len=3)(opt_type 0xfe: len=6)(pad1)(jumbo: 248 - already seen) (opt_type 0x0e: len=8)(opt_type 0x07: len=4)(opt_type 0xf1: len=60) truncated-ip6 - 3858693774 bytes missing! ip-proto-12 3858693802
+ 1 12:40:23.226395 IP6 (class 0xc0, hlim 0, next-header Options (0) payload length: 0) 1:6:1a28:312:d7cb:b318:34e5:d3ea > 2b7f:cd1f:ec3c:fb9c:e731:d16b:a8fe:ba8c: HBH (opt_type 0x1a: len=0)(padn)(opt_type 0x16: len=0)(opt_type 0x64: len=114)(jumbo: 3858694210) (opt_type 0x42: len=3)(opt_type 0xfe: len=6)(pad1)(jumbo: 248 - already seen) (opt_type 0x0e: len=8)(opt_type 0x07: len=4)(opt_type 0xf1: len=60) [payload+header length 3858694250 > length 476] (invalid) ip-proto-12 3858693802
diff --git a/tests/ipv6_jumbogram_invalid_length.out b/tests/ipv6_jumbogram_invalid_length.out
new file mode 100644
index 00000000..6bb08a0a
--- /dev/null
+++ b/tests/ipv6_jumbogram_invalid_length.out
@@ -0,0 +1 @@
+ 1 09:09:55.627421 IP6 (hlim 227, next-header Options (0) payload length: 0) 2200::244:212:3fff:feae:22f7 > 2200::240:2:0:0:4: HBH (jumbo: 65537) [payload+header length 65577 > length 65576] (invalid) ICMP6, echo request, id 4576, seq 51486
diff --git a/tests/ipv6_jumbogram_invalid_length.pcap b/tests/ipv6_jumbogram_invalid_length.pcap
new file mode 100644
index 00000000..97c4b2e9
Binary files /dev/null and b/tests/ipv6_jumbogram_invalid_length.pcap differ
diff --git a/tests/quic_32_bit_pointer_overflow.out b/tests/quic_32_bit_pointer_overflow.out
index bb0aae42..f456b6a2 100644
--- a/tests/quic_32_bit_pointer_overflow.out
+++ b/tests/quic_32_bit_pointer_overflow.out
@@ -1 +1 @@
- 1 14:32:46.453540455 IP6 ::8:46:ee:102:202:202 > 202:200:0:fe7e:b65f:677a:82b:601: HBH truncated-ip6 - 201252743 bytes missing!0 > 443: quic, initial, vb2a10200, dcid 00000100, length 1 [|quic]
+ 1 14:32:46.453540455 IP6 ::8:46:ee:102:202:202 > 202:200:0:fe7e:b65f:677a:82b:601: HBH [payload+header length 201311194 > length 58451] (invalid) 0 > 443: quic, initial, vb2a10200, dcid 00000100, length 1 [|quic]