[Click] [PATCH]: Small glitch in ipprint.cc

Mon Sep 22 12:29:46 EDT 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


IPPrint::simple_action

in the TCP case:
 p->tcp_header()->th_off
is used to calculate
 data
is used to calculate
 amt
is used as a parameter to sa.reserve()

- -> If packet's th_off is broken, then amt can become negative, which
sa.reserve quits with a failed assertion. IMHO IPPrint shouldn't cause a
program termination because of bad packet contents.

best,
	Harald

diff --git a/elements/ip/ipprint.cc b/elements/ip/ipprint.cc
index 684a87b..ca61889 100644
- --- a/elements/ip/ipprint.cc
+++ b/elements/ip/ipprint.cc
@@ -389,35 +389,39 @@ IPPrint::simple_action(Packet *p)
            if (bytes < 0 || (int) (p->end_data() - data) < bytes)
                bytes = p->end_data() - data;
            int amt = 3*bytes + (bytes/4+1) + 3*(bytes/24+1) + 1;
- -
- -           char *buf = sa.reserve(amt);
- -           char *orig_buf = buf;
- -
- -           if (buf && _contents == 1) {
- -               for (int i = 0; i < bytes; i++, data++) {
- -                   if ((i % 24) == 0) {
- -                       *buf++ = '\n'; *buf++ = ' '; *buf++ = ' ';
- -                   } else if ((i % 4) == 0)
- -                       *buf++ = ' ';
- -                   sprintf(buf, "%02x", *data & 0xff);
- -                   buf += 2;
- -               }
- -           } else if (buf && _contents == 2) {
- -               for (int i = 0; i < bytes; i++, data++) {
- -                   if ((i % 48) == 0) {
- -                       *buf++ = '\n'; *buf++ = ' '; *buf++ = ' ';
- -                   } else if ((i % 8) == 0)
- -                       *buf++ = ' ';
- -                   if (*data < 32 || *data > 126)
- -                       *buf++ = '.';
- -                   else
- -                       *buf++ = *data;
- -               }
- -           }

- -           if (orig_buf) {
- -               assert(buf <= orig_buf + amt);
- -               sa.adjust_length(buf - orig_buf);
+           if (amt >=0 ) {
+
+               char *buf = sa.reserve(amt);
+               char *orig_buf = buf;
+
+               if (buf && _contents == 1) {
+                   for (int i = 0; i < bytes; i++, data++) {
+                       if ((i % 24) == 0) {
+                           *buf++ = '\n'; *buf++ = ' '; *buf++ = ' ';
+                       } else if ((i % 4) == 0)
+                           *buf++ = ' ';
+                       sprintf(buf, "%02x", *data & 0xff);
+                       buf += 2;
+                   }
+               } else if (buf && _contents == 2) {
+                   for (int i = 0; i < bytes; i++, data++) {
+                       if ((i % 48) == 0) {
+                           *buf++ = '\n'; *buf++ = ' '; *buf++ = ' ';
+                       } else if ((i % 8) == 0)
+                           *buf++ = ' ';
+                       if (*data < 32 || *data > 126)
+                           *buf++ = '.';
+                       else
+                           *buf++ = *data;
+                   }
+               }
+               if (orig_buf) {
+                   assert(buf <= orig_buf + amt);
+                   sa.adjust_length(buf - orig_buf);
+               }
+           } else {
+               sa << "Broken TCP Header";
            }
        }
     }



- --
Harald Schiöberg
Technische Universität Berlin | T-Laboratories | FG INET
www: http://www.net.t-labs.tu-berlin.de
Phone: +49-(0)30-8353-58476 | Fax: +49-(0)391 534 783 47
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI18f5y8wrZ9OvkU0RArilAKCPVM9SacjXRyCGnpHf57vof4DKRwCfW5qp
k8T6aug7SwKHvxn+09F36lc=
=MYUM
-----END PGP SIGNATURE-----

