diff options
author | Jérôme LAFORGE <jerome.laforge@gmail.com> | 2014-08-31 00:17:07 +0200 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-08-30 23:29:26 +0000 |
commit | 26731e8cc6824dc7c0a85d4351352f18f886eb55 (patch) | |
tree | 34f6faa9cbe2cb6d63b40e646ab9ec2fd6b15728 | |
parent | f415e1c34887ff5ca50f0af499a7f52cfc6c7d56 (diff) |
Check whether the hop-count exceeds the HOP_COUNT_LIMIT or not.
Change-Id: If1c089e069b93a7b90cb525cd642ac26c5efa2d0
Reviewed-on: https://code.wireshark.org/review/3924
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
-rw-r--r-- | epan/dissectors/packet-dhcpv6.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dhcpv6.c b/epan/dissectors/packet-dhcpv6.c index 59560096a7..ba8a06bab9 100644 --- a/epan/dissectors/packet-dhcpv6.c +++ b/epan/dissectors/packet-dhcpv6.c @@ -203,6 +203,7 @@ static expert_field ei_dhcpv6_no_suboption_len = EI_INIT; static expert_field ei_dhcpv6_invalid_time_value = EI_INIT; static expert_field ei_dhcpv6_invalid_type = EI_INIT; static expert_field ei_dhcpv6_malformed_dns = EI_INIT; +static expert_field ei_dhcpv6_error_hopcount = EI_INIT; static int hf_dhcpv6_bulk_leasequery_size = -1; @@ -221,6 +222,7 @@ static expert_field ei_dhcpv6_bulk_leasequery_bad_msg_type = EI_INIT; #define UDP_PORT_DHCPV6_UPSTREAM 547 #define DHCPV6_LEASEDURATION_INFINITY 0xffffffff +#define HOP_COUNT_LIMIT 32 #define SOLICIT 1 #define ADVERTISE 2 @@ -1904,7 +1906,7 @@ dissect_dhcpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean downstream, int off, int eoff) { proto_tree *bp_tree = NULL; - proto_item *ti; + proto_item *ti, *subti = NULL; guint8 msgtype; gboolean at_end; struct e_in6_addr in6; @@ -1920,11 +1922,18 @@ dissect_dhcpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if ((msgtype == RELAY_FORW) || (msgtype == RELAY_REPLY)) { + guint8 byte; if (tree) { proto_tree_add_item(bp_tree, hf_dhcpv6_msgtype, tvb, off, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(bp_tree, hf_dhcpv6_hopcount, tvb, off + 1, 1, ENC_BIG_ENDIAN); + subti = proto_tree_add_item(bp_tree, hf_dhcpv6_hopcount, tvb, off + 1, 1, ENC_BIG_ENDIAN); proto_tree_add_item(bp_tree, hf_dhcpv6_linkaddr, tvb, off + 2, 16, ENC_NA); proto_tree_add_item(bp_tree, hf_dhcpv6_peeraddr, tvb, off + 18, 16, ENC_NA); + + } + /* Check the hopcount not exceed the HOP_COUNT_LIMIT */ + byte = tvb_get_guint8(tvb, off + 1); + if (byte > HOP_COUNT_LIMIT) { + expert_add_info_format(pinfo, subti, &ei_dhcpv6_error_hopcount, "Hopcount (%d) exceeds the maximum limit HOP_COUNT_LIMIT (%d)", byte, HOP_COUNT_LIMIT); } tvb_get_ipv6(tvb, off + 2, &in6); col_append_fstr(pinfo->cinfo, COL_INFO, "L: %s ", ip6_to_str(&in6)); @@ -2286,6 +2295,7 @@ proto_register_dhcpv6(void) { &ei_dhcpv6_invalid_time_value, { "dhcpv6.invalid_time_value", PI_PROTOCOL, PI_WARN, "Invalid time value", EXPFILL }}, { &ei_dhcpv6_invalid_type, { "dhcpv6.invalid_type", PI_PROTOCOL, PI_WARN, "Invalid type", EXPFILL }}, { &ei_dhcpv6_malformed_dns, { "dhcpv6.malformed_dns", PI_PROTOCOL, PI_WARN, "Malformed DNS name record (MS Vista client?)", EXPFILL }}, + { &ei_dhcpv6_error_hopcount, { "dhcpv6.error_hopcount", PI_PROTOCOL, PI_WARN, "Detected error on hop-count", EXPFILL }}, }; static hf_register_info bulk_leasequery_hf[] = { |