freebsd-skq/contrib/tcpdump/print-lisp.c
Gleb Smirnoff 3340d77368 Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.

Security:	CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security:	CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security:	CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security:	CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security:	CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security:	CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security:	CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security:	CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security:	CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security:	CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security:	CVE-2017-5486
2017-02-01 20:26:42 +00:00

450 lines
15 KiB
C

/*
* Copyright (c) 2015 Ritesh Ranjan (r.ranjan789@gmail.com)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* \summary: - Locator/Identifier Separation Protocol (LISP) printer */
/*
* specification: RFC 6830
*
*
* The Map-Register message format is:
*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* |Type=3 |P|S|I|R| Reserved |M| Record Count |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Nonce . . . |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | . . . Nonce |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Key ID | Authentication Data Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ Authentication Data ~
* +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | | Record TTL |
* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* R | Locator Count | EID mask-len | ACT |A| Reserved |
* e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* c | Rsvd | Map-Version Number | EID-Prefix-AFI |
* o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* r | EID-Prefix |
* d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | /| Priority | Weight | M Priority | M Weight |
* | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | o | Unused Flags |L|p|R| Loc-AFI |
* | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | \| Locator |
* +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
*
* The Map-Notify message format is:
*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* |Type=4 |I|R| Reserved | Record Count |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Nonce . . . |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | . . . Nonce |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Key ID | Authentication Data Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ Authentication Data ~
* +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | | Record TTL |
* | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* R | Locator Count | EID mask-len | ACT |A| Reserved |
* e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* c | Rsvd | Map-Version Number | EID-Prefix-AFI |
* o +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* r | EID-Prefix |
* d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | /| Priority | Weight | M Priority | M Weight |
* | L +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | o | Unused Flags |L|p|R| Loc-AFI |
* | c +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | \| Locator |
* +-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include <netdissect.h>
#include <string.h>
#include <stdlib.h>
#include "ip.h"
#include "ip6.h"
#include "extract.h"
#include "addrtoname.h"
static const char tstr[] = " [|LISP]";
#define IPv4_AFI 1
#define IPv6_AFI 2
#define TYPE_INDEX 4
#define LISP_MAP_NOTIFY_IBIT_MASK 8
#define LISP_MAP_REGISTER_IBIT_MASK 2
enum {
LISP_MAP_REQUEST = 1,
LISP_MAP_REPLY,
LISP_MAP_REGISTER,
LISP_MAP_NOTIFY,
LISP_ENCAPSULATED_CONTROL_MESSAGE = 8
};
enum {
LISP_AUTH_NONE,
LISP_AUTH_SHA1,
LISP_AUTH_SHA256
};
static const struct tok lisp_type [] = {
{ 0, "LISP-Reserved" },
{ 1, "LISP-Map-Request" },
{ 2, "LISP-Map-Reply" },
{ 3, "LISP-Map-Register" },
{ 4, "LISP-Map-Notify" },
{ 8, "LISP-Encapsulated-Contol-Message" },
{ 0, NULL }
};
/*
* P-Bit : Request for Proxy Map-Reply from the MS/MR
* S-Bit : Security Enhancement. ETR is LISP-SEC enabled. draft-ietf-lisp-sec
* I-Bit : 128 bit xTR-ID and 64 bit Site-ID present.
* xTR-ID and Site-ID help in differentiation of xTRs in multi xTR
* and multi Site deployment scenarios.
* R-Bit : Built for a Reencapsulating-Tunnel-Router. Used in Traffic
* Engineering and Service Chaining
*/
static const struct tok map_register_hdr_flag[] = {
{ 0x08000000, "P-Proxy-Map-Reply" },
{ 0x04000000, "S-LISP-SEC-Capable" },
{ 0x02000000, "I-xTR-ID-Present" },
{ 0x01000000, "R-Build-For-RTR" },
{ 0x00000100, "M-Want-Map-Notify" },
{ 0, NULL }
};
static const struct tok map_notify_hdr_flag[] = {
{ 0x08000000, "I-xTR-ID-Present" },
{ 0x04000000, "R-Build-For-RTR" },
{ 0, NULL }
};
static const struct tok auth_type[] = {
{ LISP_AUTH_NONE, "None" },
{ LISP_AUTH_SHA1, "SHA1" },
{ LISP_AUTH_SHA256, "SHA256" },
{ 0, NULL}
};
static const struct tok lisp_eid_action[] = {
{ 0, "No-Action" },
{ 1, "Natively-Forward" },
{ 2, "Send-Map-Request" },
{ 3, "Drop" },
{ 0, NULL}
};
static const struct tok lisp_loc_flag[] = {
{ 0x0004, "Local-Locator" },
{ 0x0002, "RLoc-Probed" },
{ 0x0001, "Reachable" },
{ 0, NULL }
};
typedef struct map_register_hdr {
nd_uint8_t type_and_flag;
nd_uint8_t reserved;
nd_uint8_t reserved_and_flag2;
nd_uint8_t record_count;
nd_uint64_t nonce;
nd_uint16_t key_id;
nd_uint16_t auth_data_len;
} lisp_map_register_hdr;
#define MAP_REGISTER_HDR_LEN sizeof(lisp_map_register_hdr)
typedef struct map_register_eid {
nd_uint32_t ttl;
nd_uint8_t locator_count;
nd_uint8_t eid_prefix_mask_length;
nd_uint8_t act_auth_inc_res;
nd_uint8_t reserved;
nd_uint8_t reserved_version_hi;
nd_uint8_t version_low;
nd_uint16_t eid_prefix_afi;
} lisp_map_register_eid;
#define MAP_REGISTER_EID_LEN sizeof(lisp_map_register_eid)
typedef struct map_register_loc {
nd_uint8_t priority;
nd_uint8_t weight;
nd_uint8_t m_priority;
nd_uint8_t m_weight;
nd_uint16_t unused_and_flag;
nd_uint16_t locator_afi;
} lisp_map_register_loc;
#define MAP_REGISTER_LOC_LEN sizeof(lisp_map_register_loc)
static inline uint8_t extract_lisp_type(uint8_t);
static inline uint8_t is_xtr_data_present(uint8_t , uint8_t);
static void lisp_hdr_flag(netdissect_options *, const lisp_map_register_hdr *);
static void action_flag(netdissect_options *, uint8_t);
static void loc_hdr_flag(netdissect_options *, uint16_t);
void lisp_print(netdissect_options *ndo, const u_char *bp, u_int length)
{
uint8_t type;
uint8_t mask_len;
uint8_t loc_count;
uint8_t xtr_present;
uint8_t record_count;
uint16_t key_id;
uint16_t eid_afi;
uint16_t loc_afi;
uint16_t map_version;
uint16_t packet_offset;
uint16_t auth_data_len;
uint32_t ttl;
const u_char *packet_iterator;
const u_char *loc_ip_pointer;
const lisp_map_register_hdr *lisp_hdr;
const lisp_map_register_eid *lisp_eid;
const lisp_map_register_loc *lisp_loc;
/* Check if enough bytes for header are available */
ND_TCHECK2(*bp, MAP_REGISTER_HDR_LEN);
lisp_hdr = (const lisp_map_register_hdr *) bp;
lisp_hdr_flag(ndo, lisp_hdr);
/* Supporting only MAP NOTIFY and MAP REGISTER LISP packets */
type = extract_lisp_type(lisp_hdr->type_and_flag);
if ((type != LISP_MAP_REGISTER) && (type != LISP_MAP_NOTIFY))
return;
/* Find if the packet contains xTR and Site-ID data */
xtr_present = is_xtr_data_present(type, lisp_hdr->type_and_flag);
/* Extract the number of EID records present */
auth_data_len = EXTRACT_16BITS(&lisp_hdr->auth_data_len);
packet_iterator = (const u_char *)(lisp_hdr);
packet_offset = MAP_REGISTER_HDR_LEN;
record_count = lisp_hdr->record_count;
if (ndo->ndo_vflag) {
key_id = EXTRACT_16BITS(&lisp_hdr->key_id);
ND_PRINT((ndo, "\n %u record(s), ", record_count));
ND_PRINT((ndo, "Authentication %s,",
tok2str(auth_type, "unknown-type", key_id)));
hex_print(ndo, "\n Authentication-Data: ", packet_iterator +
packet_offset, auth_data_len);
} else {
ND_PRINT((ndo, " %u record(s),", record_count));
}
packet_offset += auth_data_len;
if (record_count == 0)
goto invalid;
/* Print all the EID records */
while ((length > packet_offset) && (record_count--)) {
ND_TCHECK2(*(packet_iterator + packet_offset), MAP_REGISTER_EID_LEN);
ND_PRINT((ndo, "\n"));
lisp_eid = (const lisp_map_register_eid *)
((const u_char *)lisp_hdr + packet_offset);
packet_offset += MAP_REGISTER_EID_LEN;
mask_len = lisp_eid->eid_prefix_mask_length;
eid_afi = EXTRACT_16BITS(&lisp_eid->eid_prefix_afi);
loc_count = lisp_eid->locator_count;
if (ndo->ndo_vflag) {
ttl = EXTRACT_32BITS(&lisp_eid->ttl);
ND_PRINT((ndo, " Record TTL %u,", ttl));
action_flag(ndo, lisp_eid->act_auth_inc_res);
map_version = (((lisp_eid->reserved_version_hi) & 15 ) * 255) +
lisp_eid->version_low;
ND_PRINT((ndo, " Map Version: %u,", map_version));
}
switch (eid_afi) {
case IPv4_AFI:
ND_TCHECK2(*(packet_iterator + packet_offset), 4);
ND_PRINT((ndo, " EID %s/%u,", ipaddr_string(ndo,
packet_iterator + packet_offset), mask_len));
packet_offset += 4;
break;
case IPv6_AFI:
ND_TCHECK2(*(packet_iterator + packet_offset), 16);
ND_PRINT((ndo, " EID %s/%u,", ip6addr_string(ndo,
packet_iterator + packet_offset), mask_len));
packet_offset += 16;
break;
default:
/*
* No support for LCAF right now.
*/
return;
break;
}
ND_PRINT((ndo, " %u locator(s)", loc_count));
while (loc_count--) {
ND_TCHECK2(*(packet_iterator + packet_offset), MAP_REGISTER_LOC_LEN);
lisp_loc = (const lisp_map_register_loc *) (packet_iterator + packet_offset);
loc_ip_pointer = (const u_char *) (lisp_loc + 1);
packet_offset += MAP_REGISTER_LOC_LEN;
loc_afi = EXTRACT_16BITS(&lisp_loc->locator_afi);
if (ndo->ndo_vflag)
ND_PRINT((ndo, "\n "));
switch (loc_afi) {
case IPv4_AFI:
ND_TCHECK2(*(packet_iterator + packet_offset), 4);
ND_PRINT((ndo, " LOC %s", ipaddr_string(ndo, loc_ip_pointer)));
packet_offset += 4;
break;
case IPv6_AFI:
ND_TCHECK2(*(packet_iterator + packet_offset), 16);
ND_PRINT((ndo, " LOC %s", ip6addr_string(ndo, loc_ip_pointer)));
packet_offset += 16;
break;
default:
break;
}
if (ndo->ndo_vflag) {
ND_PRINT((ndo, "\n Priority/Weight %u/%u,"
" Multicast Priority/Weight %u/%u,",
lisp_loc->priority, lisp_loc->weight,
lisp_loc->m_priority, lisp_loc->m_weight));
loc_hdr_flag(ndo, EXTRACT_16BITS(&lisp_loc->unused_and_flag));
}
}
}
/*
* Print xTR and Site ID. Handle the fact that the packet could be invalid.
* If the xTR_ID_Present bit is not set, and we still have data to display,
* show it as hex data.
*/
if (xtr_present) {
if (!ND_TTEST2(*(packet_iterator + packet_offset), 24))
goto invalid;
hex_print_with_offset(ndo, "\n xTR-ID: ", packet_iterator + packet_offset, 16, 0);
ND_PRINT((ndo, "\n SITE-ID: %" PRIu64,
EXTRACT_64BITS(packet_iterator + packet_offset + 16)));
} else {
/* Check if packet isn't over yet */
if (packet_iterator + packet_offset < ndo->ndo_snapend) {
hex_print_with_offset(ndo, "\n Data: ", packet_iterator + packet_offset,
(ndo->ndo_snapend - (packet_iterator + packet_offset)), 0);
}
}
return;
trunc:
ND_PRINT((ndo, "\n %s", tstr));
return;
invalid:
ND_PRINT((ndo, "\n %s", istr));
return;
}
static inline uint8_t extract_lisp_type(uint8_t lisp_hdr_flags)
{
return (lisp_hdr_flags) >> TYPE_INDEX;
}
static inline uint8_t is_xtr_data_present(uint8_t type, uint8_t lisp_hdr_flags)
{
uint8_t xtr_present = 0;
if (type == LISP_MAP_REGISTER)
xtr_present = (lisp_hdr_flags) & LISP_MAP_REGISTER_IBIT_MASK;
else if (type == LISP_MAP_NOTIFY)
xtr_present = (lisp_hdr_flags) & LISP_MAP_NOTIFY_IBIT_MASK;
return xtr_present;
}
static void lisp_hdr_flag(netdissect_options *ndo, const lisp_map_register_hdr *lisp_hdr)
{
uint8_t type = extract_lisp_type(lisp_hdr->type_and_flag);
if (!ndo->ndo_vflag) {
ND_PRINT((ndo, "%s,", tok2str(lisp_type, "unknown-type-%u", type)));
return;
} else {
ND_PRINT((ndo, "%s,", tok2str(lisp_type, "unknown-type-%u", type)));
}
if (type == LISP_MAP_REGISTER) {
ND_PRINT((ndo, " flags [%s],", bittok2str(map_register_hdr_flag,
"none", EXTRACT_32BITS(lisp_hdr))));
} else if (type == LISP_MAP_NOTIFY) {
ND_PRINT((ndo, " flags [%s],", bittok2str(map_notify_hdr_flag,
"none", EXTRACT_32BITS(lisp_hdr))));
}
return;
}
static void action_flag(netdissect_options *ndo, uint8_t act_auth_inc_res)
{
uint8_t action;
uint8_t authoritative;
authoritative = ((act_auth_inc_res >> 4) & 1);
if (authoritative)
ND_PRINT((ndo, " Authoritative,"));
else
ND_PRINT((ndo, " Non-Authoritative,"));
action = act_auth_inc_res >> 5;
ND_PRINT((ndo, " %s,", tok2str(lisp_eid_action, "unknown", action)));
}
static void loc_hdr_flag(netdissect_options *ndo, uint16_t flag)
{
ND_PRINT((ndo, " flags [%s],", bittok2str(lisp_loc_flag, "none", flag)));
}