DNS: Use ND_TCHECK_LEN() instead of a custom bounds check

fxlb · fxlb · commit 2d2951af231e · 2025-02-08T21:17:34.000Z
This avoids an invalid-pointer-pair AddressSanitizer error. Add a test file. The error was: reading from file ppp_ip_udp_dns.pcap, link-type PPP_SERIAL(PPP over serial), snapshot length 2098998 ================================================================= ==258093==ERROR: AddressSanitizer: invalid-pointer-pair: 0x61300000c086 0x61300000019e #0 0x78274f in ns_rprint [...]/print-domain.c:728:9 Address 0x61300000c086 is a wild pointer inside of access range of size 0x000000000001. 0x61300000019e is located 0 bytes after 350-byte region [0x613000000040,0x61300000019e) allocated by thread T0 here: #0 0x4b997e in malloc ([...]/tcpdump+0x4b997e) #1 0x60220b in ppp_hdlc [...]/print-ppp.c:1367:16 SUMMARY: AddressSanitizer: invalid-pointer-pair [...]/print-domain.c:728:9 in ns_rprint
diff --git a/print-domain.c b/print-domain.c
@@ -722,11 +722,10 @@ ns_rprint(netdissect_options *ndo,
 	len = GET_BE_U_2(cp);
 	cp += 2;
 
-	rp = cp + len;
-
 	ND_PRINT(" %s", tok2str(ns_type2str, "Type%u", typ));
-	if (rp > ndo->ndo_snapend)
-		return(NULL);
+
+	ND_TCHECK_LEN(cp, len);
+	rp = cp + len;
 
 	switch (typ) {
 	case T_A:
@@ -896,6 +895,9 @@ ns_rprint(netdissect_options *ndo,
 	    }
 	}
 	return (rp);		/* XXX This isn't always right */
+
+trunc:
+	return(NULL);
 }
 
 void
diff --git a/tests/TESTLIST b/tests/TESTLIST
@@ -359,6 +359,7 @@ dns_udp dns_udp.pcap dns_udp.out
 dns_udp-v dns_udp.pcap dns_udp-v.out -v
 dns_udp-vv dns_udp.pcap dns_udp-vv.out -vv
 dns_udp-vvv dns_udp.pcap dns_udp-vvv.out -vvv
+ppp_ip_udp_dns-vv ppp_ip_udp_dns.pcap ppp_ip_udp_dns.out -vv
 # tests with --skip option
 dns_tcp-skip-3 dns_tcp.pcap dns_tcp-skip-3.out --skip 3
 dns_tcp-skip-3-c-4 dns_tcp.pcap dns_tcp-skip-3-c-4.out --skip 3 -c 4
diff --git a/tests/ppp_ip_udp_dns.out b/tests/ppp_ip_udp_dns.out
@@ -0,0 +1,2 @@
+    1  2037-11-24 07:59:58.999999 unknown PPP protocol (0x7e08): IP [total length 49441 > length 348] (invalid) (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 49441, bad cksum 45ee (->13)!)
+    69.168.178.248.53 > 192.168.0.111.1024: [bad udp cksum 0x33ea -> 0x73b6!] 0 [0q] [65535au] ar: . OPT UDPsize=26995 [Opt25701], . (Class 3584) Type0 [|domain]
diff --git a/tests/ppp_ip_udp_dns.pcap b/tests/ppp_ip_udp_dns.pcap

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ 1 2037-11-24 07:59:58.999999 unknown PPP protocol (0x7e08): IP [total length 49441 > length 348] (invalid) (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 49441, bad cksum 45ee (->13)!)`
	`2`	`+ 69.168.178.248.53 > 192.168.0.111.1024: [bad udp cksum 0x33ea -> 0x73b6!] 0 [0q] [65535au] ar: . OPT UDPsize=26995 [Opt25701], . (Class 3584) Type0 [\|domain]`