Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tcpdump / cec480af7b6e0879bd9b3ca961fa5dfba2d77fa3^! / . / addrtoname.c
commitcec480af7b6e0879bd9b3ca961fa5dfba2d77fa3[log] [tgz]
authorElliott Hughes <enh@google.com>Tue Dec 19 16:54:57 2017 -0800
committerElliott Hughes <enh@google.com>Tue Dec 19 16:54:57 2017 -0800
tree62ee098653f7185f462570cfd54fd37db665606c
parent4901a3d370ce3efb7a5b05afc912184ae35e19ae [diff] [blame]
Upgrade to tcpdump 4.9.2.

From CHANGES:

  Sunday September 3, 2017 denis@ovsienko.info
  Summary for 4.9.2 tcpdump release
    Do not use getprotobynumber() for protocol name resolution.  Do not do
      any protocol name resolution if -n is specified.
    Improve errors detection in the test scripts.
    Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
    Clean up IS-IS printing.
    Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
    Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
    Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

Bug: N/A
Test: ran manually
Change-Id: I6fbfa46046ee89d40d13024777e27623a23cb258

diff --git a/addrtoname.c b/addrtoname.c
index 6975b71..df7c2ce 100644
--- a/addrtoname.c
+++ b/addrtoname.c

@@ -145,13 +145,23 @@
 	u_short e_addr2;
 	const char *e_name;
 	u_char *e_nsap;			/* used only for nsaptable[] */
-#define e_bs e_nsap			/* for bytestringtable */
 	struct enamemem *e_nxt;
 };
 
 static struct enamemem enametable[HASHNAMESIZE];
 static struct enamemem nsaptable[HASHNAMESIZE];
-static struct enamemem bytestringtable[HASHNAMESIZE];
+
+struct bsnamemem {
+	u_short bs_addr0;
+	u_short bs_addr1;
+	u_short bs_addr2;
+	const char *bs_name;
+	u_char *bs_bytes;
+	unsigned int bs_nbytes;
+	struct bsnamemem *bs_nxt;
+};
+
+static struct bsnamemem bytestringtable[HASHNAMESIZE];
 
 struct protoidmem {
 	uint32_t p_oui;
@@ -321,7 +331,7 @@
 	return (p->name);
 }
 
-static const char hex[] = "0123456789abcdef";
+static const char hex[16] = "0123456789abcdef";
 
 
 /* Find the hash node that corresponds the ether address 'ep' */
@@ -359,11 +369,11 @@
  * with length 'nlen'
  */
 
-static inline struct enamemem *
+static inline struct bsnamemem *
 lookup_bytestring(netdissect_options *ndo, register const u_char *bs,
 		  const unsigned int nlen)
 {
-	struct enamemem *tp;
+	struct bsnamemem *tp;
 	register u_int i, j, k;
 
 	if (nlen >= 6) {
@@ -378,26 +388,28 @@
 		i = j = k = 0;
 
 	tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)];
-	while (tp->e_nxt)
-		if (tp->e_addr0 == i &&
-		    tp->e_addr1 == j &&
-		    tp->e_addr2 == k &&
-		    memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0)
+	while (tp->bs_nxt)
+		if (nlen == tp->bs_nbytes &&
+		    tp->bs_addr0 == i &&
+		    tp->bs_addr1 == j &&
+		    tp->bs_addr2 == k &&
+		    memcmp((const char *)bs, (const char *)(tp->bs_bytes), nlen) == 0)
 			return tp;
 		else
-			tp = tp->e_nxt;
+			tp = tp->bs_nxt;
 
-	tp->e_addr0 = i;
-	tp->e_addr1 = j;
-	tp->e_addr2 = k;
+	tp->bs_addr0 = i;
+	tp->bs_addr1 = j;
+	tp->bs_addr2 = k;
 
-	tp->e_bs = (u_char *) calloc(1, nlen + 1);
-	if (tp->e_bs == NULL)
+	tp->bs_bytes = (u_char *) calloc(1, nlen);
+	if (tp->bs_bytes == NULL)
 		(*ndo->ndo_error)(ndo, "lookup_bytestring: calloc");
 
-	memcpy(tp->e_bs, bs, nlen);
-	tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
-	if (tp->e_nxt == NULL)
+	memcpy(tp->bs_bytes, bs, nlen);
+	tp->bs_nbytes = nlen;
+	tp->bs_nxt = (struct bsnamemem *)calloc(1, sizeof(*tp));
+	if (tp->bs_nxt == NULL)
 		(*ndo->ndo_error)(ndo, "lookup_bytestring: calloc");
 
 	return tp;
@@ -424,11 +436,11 @@
 
 	tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)];
 	while (tp->e_nxt)
-		if (tp->e_addr0 == i &&
+		if (nsap_length == tp->e_nsap[0] &&
+		    tp->e_addr0 == i &&
 		    tp->e_addr1 == j &&
 		    tp->e_addr2 == k &&
-		    tp->e_nsap[0] == nsap_length &&
-		    memcmp((const char *)&(nsap[1]),
+		    memcmp((const char *)nsap,
 			(char *)&(tp->e_nsap[1]), nsap_length) == 0)
 			return tp;
 		else
@@ -528,12 +540,12 @@
 	const unsigned int len = 8;
 	register u_int i;
 	register char *cp;
-	register struct enamemem *tp;
+	register struct bsnamemem *tp;
 	char buf[BUFSIZE];
 
 	tp = lookup_bytestring(ndo, ep, len);
-	if (tp->e_name)
-		return (tp->e_name);
+	if (tp->bs_name)
+		return (tp->bs_name);
 
 	cp = buf;
 	for (i = len; i > 0 ; --i) {
@@ -545,11 +557,11 @@
 
 	*cp = '\0';
 
-	tp->e_name = strdup(buf);
-	if (tp->e_name == NULL)
+	tp->bs_name = strdup(buf);
+	if (tp->bs_name == NULL)
 		(*ndo->ndo_error)(ndo, "le64addr_string: strdup(buf)");
 
-	return (tp->e_name);
+	return (tp->bs_name);
 }
 
 const char *
@@ -558,7 +570,7 @@
 {
 	register u_int i;
 	register char *cp;
-	register struct enamemem *tp;
+	register struct bsnamemem *tp;
 
 	if (len == 0)
 		return ("<empty>");
@@ -570,11 +582,11 @@
 		return (q922_string(ndo, ep, len));
 
 	tp = lookup_bytestring(ndo, ep, len);
-	if (tp->e_name)
-		return (tp->e_name);
+	if (tp->bs_name)
+		return (tp->bs_name);
 
-	tp->e_name = cp = (char *)malloc(len*3);
-	if (tp->e_name == NULL)
+	tp->bs_name = cp = (char *)malloc(len*3);
+	if (tp->bs_name == NULL)
 		(*ndo->ndo_error)(ndo, "linkaddr_string: malloc");
 	*cp++ = hex[*ep >> 4];
 	*cp++ = hex[*ep++ & 0xf];
@@ -584,7 +596,7 @@
 		*cp++ = hex[*ep++ & 0xf];
 	}
 	*cp = '\0';
-	return (tp->e_name);
+	return (tp->bs_name);
 }
 
 const char *