frag6: Fix invalid 32-bit versus 64-bit printouts

fxlb · fxlb · commit 4966c764d28a · 2024-05-07T21:20:16.000+02:00
Print "[length < 0] (invalid)" when fragment length is negative. In this case, e.g. when IPv6 payload length is zero, the 32-bit and 64-bit printouts were different. Example: 32-bit: frag (0x80000074:1280|4294967288) --- 64-bit: frag (0x80000074:1280|18446744073709551608) Add a test file. (cherry picked from commit 067f7dd)
diff --git a/print-frag6.c b/print-frag6.c
@@ -45,10 +45,14 @@ frag6_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2)
 	ND_PRINT("frag (");
 	if (ndo->ndo_vflag)
 		ND_PRINT("0x%08x:", GET_BE_U_4(dp->ip6f_ident));
-	ND_PRINT("%u|%zu)",
-		 GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK,
-		 sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen) -
-			(bp - bp2) - sizeof(struct ip6_frag));
+	ND_PRINT("%u|", GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK);
+	if ((bp - bp2) + sizeof(struct ip6_frag) >
+	    sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen))
+		ND_PRINT("[length < 0] (invalid))");
+	else
+		ND_PRINT("%zu)",
+			 sizeof(struct ip6_hdr) + GET_BE_U_2(ip6->ip6_plen) -
+			 (bp - bp2) - sizeof(struct ip6_frag));
 
 	/* it is meaningless to decode non-first fragment */
 	if ((GET_BE_U_2(dp->ip6f_offlg) & IP6F_OFF_MASK) != 0)
diff --git a/tests/TESTLIST b/tests/TESTLIST
@@ -327,6 +327,7 @@ ipv6_invalid_length_2 ipv6_invalid_length_2.pcap ipv6_invalid_length_2.out -v
 ipv6_jumbogram_invalid_length ipv6_jumbogram_invalid_length.pcap ipv6_jumbogram_invalid_length.out -v
 ipv6_39_byte_header ipv6_39_byte_header.pcap ipv6_39_byte_header.out -v
 ipv6_missing_jumbo_payload_option ipv6_missing_jumbo_payload_option.pcap ipv6_missing_jumbo_payload_option.out
+ipv6_frag6_negative_len ipv6_frag6_negative_len.pcap ipv6_frag6_negative_len.out -v
 
 # Loopback/CTP test case
 loopback	loopback.pcap		loopback.out
diff --git a/tests/ipv6_frag6_negative_len.out b/tests/ipv6_frag6_negative_len.out
@@ -0,0 +1 @@
+    1  1975-11-02 10:29:20.131862 IP6 (class 0x50, flowlabel 0x00073, hlim 28, next-header Fragment (44) payload length: 0) 7fff:ffff:c3b2:a102:1305:80:38:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: frag (0x80000074:1280|[length < 0] (invalid))
diff --git a/tests/ipv6_frag6_negative_len.pcap b/tests/ipv6_frag6_negative_len.pcap

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ 1 1975-11-02 10:29:20.131862 IP6 (class 0x50, flowlabel 0x00073, hlim 28, next-header Fragment (44) payload length: 0) 7fff:ffff:c3b2:a102:1305:80:38:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: frag (0x80000074:1280\|[length < 0] (invalid))`