IPv6 mobility: Modernize packet parsing and make fixes

Define ND_LONGJMP_FROM_TCHECK and remove two 'trunc' labels.
Report invalid packets as invalid with a reason, not truncated.
Use ND_ICHECKMSG_U() for some length tests and add two 'invalid' labels.
Fix the incorrect bounds check 'ND_TCHECK_1(bp + i + optlen)'. Replace
it by 'ND_TCHECK_LEN(bp + i, optlen)'.
Remove an useless ND_TCHECK_2().
Update the output for unknown options: Use decimal for type as IANA.
Update the reference from RFC 3775 to RFC 6275.

Fix some indentations.
Remove an extra blank line.

Update the outputs of some tests accordingly.

Author: fxlb

print-mobility.c

@@ -28,19 +28,19 @@
  */
 
 /* \summary: IPv6 mobility printer */
-/* RFC 3775 */
+/* RFC 6275 */
 
 #include <config.h>
 
 #include "netdissect-stdinc.h"
 
+#define ND_LONGJMP_FROM_TCHECK
 #include "netdissect.h"
 #include "addrtoname.h"
 #include "extract.h"
 
 #include "ip6.h"
 
-
 /* Mobility header */
 struct ip6_mobility {
 	nd_uint8_t ip6m_pproto;	/* following payload protocol (for PG) */
@@ -120,78 +120,65 @@ static int
 mobility_opt_print(netdissect_options *ndo,
                    const u_char *bp, const unsigned len)
 {
-	unsigned i, optlen;
+	unsigned i, opttype, optlen;
 
 	for (i = 0; i < len; i += optlen) {
-		if (GET_U_1(bp + i) == IP6MOPT_PAD1)
+		opttype = GET_U_1(bp + i);
+		if (opttype == IP6MOPT_PAD1)
 			optlen = 1;
 		else {
-			if (i + 1 < len) {
-				optlen = GET_U_1(bp + i + 1) + 2;
-			} else
-				goto trunc;
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <, 1);
+			optlen = GET_U_1(bp + i + 1) + 2;
 		}
-		if (i + optlen > len)
-			goto trunc;
-		ND_TCHECK_1(bp + i + optlen);
+		ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <, optlen);
+		ND_TCHECK_LEN(bp + i, optlen);
 
-		switch (GET_U_1(bp + i)) {
+		switch (opttype) {
 		case IP6MOPT_PAD1:
 			ND_PRINT("(pad1)");
 			break;
 		case IP6MOPT_PADN:
-			if (len - i < IP6MOPT_MINLEN) {
-				ND_PRINT("(padn: trunc)");
-				goto trunc;
-			}
 			ND_PRINT("(padn)");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_MINLEN);
 			break;
 		case IP6MOPT_REFRESH:
-			if (len - i < IP6MOPT_REFRESH_MINLEN) {
-				ND_PRINT("(refresh: trunc)");
-				goto trunc;
-			}
+			ND_PRINT("(refresh: ");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_REFRESH_MINLEN);
 			/* units of 4 secs */
-			ND_PRINT("(refresh: %u)",
-				GET_BE_U_2(bp + i + 2) << 2);
+			ND_PRINT("%u)", GET_BE_U_2(bp + i + 2) << 2);
 			break;
 		case IP6MOPT_ALTCOA:
-			if (len - i < IP6MOPT_ALTCOA_MINLEN) {
-				ND_PRINT("(altcoa: trunc)");
-				goto trunc;
-			}
-			ND_PRINT("(alt-CoA: %s)", GET_IP6ADDR_STRING(bp + i + 2));
+			ND_PRINT("(alt-CoA: ");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_ALTCOA_MINLEN);
+			ND_PRINT("%s)", GET_IP6ADDR_STRING(bp + i + 2));
 			break;
 		case IP6MOPT_NONCEID:
-			if (len - i < IP6MOPT_NONCEID_MINLEN) {
-				ND_PRINT("(ni: trunc)");
-				goto trunc;
-			}
-			ND_PRINT("(ni: ho=0x%04x co=0x%04x)",
-				GET_BE_U_2(bp + i + 2),
-				GET_BE_U_2(bp + i + 4));
+			ND_PRINT("(ni: ");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_NONCEID_MINLEN);
+			ND_PRINT("ho=0x%04x co=0x%04x)",
+				 GET_BE_U_2(bp + i + 2),
+				 GET_BE_U_2(bp + i + 4));
 			break;
 		case IP6MOPT_AUTH:
-			if (len - i < IP6MOPT_AUTH_MINLEN) {
-				ND_PRINT("(auth: trunc)");
-				goto trunc;
-			}
 			ND_PRINT("(auth)");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_AUTH_MINLEN);
 			break;
 		default:
-			if (len - i < IP6MOPT_MINLEN) {
-				ND_PRINT("(sopt_type %u: trunc)",
-					 GET_U_1(bp + i));
-				goto trunc;
-			}
-			ND_PRINT("(type-0x%02x: len=%u)", GET_U_1(bp + i),
-				 GET_U_1(bp + i + 1));
+			ND_PRINT("(unknown: ");
+			ND_ICHECKMSG_U("remaining length", (u_int)(len - i), <,
+				       IP6MOPT_MINLEN);
+			ND_PRINT("type-#%u len=%u)", opttype, optlen - 2);
 			break;
 		}
 	}
 	return 0;
 
-trunc:
+invalid:
 	return 1;
 }
 
@@ -235,9 +222,9 @@ mobility_print(netdissect_options *ndo,
 		hlen = IP6M_MINLEN;
 		if (ndo->ndo_vflag) {
 			ND_PRINT(" %s Init Cookie=%08x:%08x",
-			       type == IP6M_HOME_TEST_INIT ? "Home" : "Care-of",
-			       GET_BE_U_4(bp + hlen),
-			       GET_BE_U_4(bp + hlen + 4));
+			         type == IP6M_HOME_TEST_INIT ? "Home" : "Care-of",
+			         GET_BE_U_4(bp + hlen),
+			         GET_BE_U_4(bp + hlen + 4));
 		}
 		hlen += 8;
 		break;
@@ -247,16 +234,16 @@ mobility_print(netdissect_options *ndo,
 		hlen = IP6M_MINLEN;
 		if (ndo->ndo_vflag) {
 			ND_PRINT(" %s Init Cookie=%08x:%08x",
-			       type == IP6M_HOME_TEST ? "Home" : "Care-of",
-			       GET_BE_U_4(bp + hlen),
-			       GET_BE_U_4(bp + hlen + 4));
+			         type == IP6M_HOME_TEST ? "Home" : "Care-of",
+			         GET_BE_U_4(bp + hlen),
+			         GET_BE_U_4(bp + hlen + 4));
 		}
 		hlen += 8;
 		if (ndo->ndo_vflag) {
 			ND_PRINT(" %s Keygen Token=%08x:%08x",
-			       type == IP6M_HOME_TEST ? "Home" : "Care-of",
-			       GET_BE_U_4(bp + hlen),
-			       GET_BE_U_4(bp + hlen + 4));
+			         type == IP6M_HOME_TEST ? "Home" : "Care-of",
+			         GET_BE_U_4(bp + hlen),
+			         GET_BE_U_4(bp + hlen + 4));
 		}
 		hlen += 8;
 		break;
@@ -265,7 +252,6 @@ mobility_print(netdissect_options *ndo,
 		int bits;
 		ND_PRINT(" seq#=%u", GET_BE_U_2(mh->ip6m_data16[0]));
 		hlen = IP6M_MINLEN;
-		ND_TCHECK_2(bp + hlen);
 		bits = (GET_U_1(bp + hlen) & 0xf0) >> 4;
 		if (bits) {
 			ND_PRINT(" ");
@@ -307,14 +293,10 @@ mobility_print(netdissect_options *ndo,
 	}
 	if (ndo->ndo_vflag)
 		if (mobility_opt_print(ndo, bp + hlen, mhlen - hlen))
-			goto trunc;
+			goto invalid;
 
 	return(mhlen);
 
-trunc:
-	nd_print_trunc(ndo);
-	return(-1);
-
 invalid:
 	nd_print_invalid(ndo);
 	return(-1);

tests/cve2015-0261-ipv6.out

@@ -1,2 +1,2 @@
-    1  2002-12-31 13:55:31.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:6767:6767:6767:6767:6767:6705: mobility: (payload protocol 255 should be 59) BU seq#=26471 HL lifetime=105884(type-0x67: len=103) [|mobility]
+    1  2002-12-31 13:55:31.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:6767:6767:6767:6767:6767:6705: mobility: (payload protocol 255 should be 59) BU seq#=26471 HL lifetime=105884(unknown: type-#103 len=103) [|mobility]
     2  2003-03-06 15:21:11.300000 IP6 [header+payload length 26510 > length 185] (invalid) (class 0x76, flowlabel 0x76767, hlim 103, next-header Mobility (135), payload length 26470) 6767:6767:6767:6767:6767:6767:6767:6767 > 6767:6767:4f67:6767:6767:6767:6767:6767: mobility: (payload protocol 0 should be 59) BA (header length 8 < 16) (invalid)

tests/mobility_opt_asan.out

@@ -1,2 +1,2 @@
-    1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:0:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15872(pad1) [|mobility]
-    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d4c3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b291: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360 [|mobility]
+    1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:0:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15872(pad1)(refresh:  [|mobility]
+    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d4c3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b291: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(refresh: 2056) [|mobility]

tests/mobility_opt_asan_2.out

@@ -1 +1 @@
-    1  1975-06-23 00:41:36.999999 IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ff:7f0f:40:0:ee00:0:b658:5203 > 205:20:1:b00:0:2200:af01:e000: mobility: (payload protocol 6 should be 59) BRR(type-0x06: len=0) [|mobility]
+    1  1975-06-23 00:41:36.999999 IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ff:7f0f:40:0:ee00:0:b658:5203 > 205:20:1:b00:0:2200:af01:e000: mobility: (payload protocol 6 should be 59) BRR(unknown: type-#6 len=0)(ni:  [|mobility]

tests/mobility_opt_asan_3.out

@@ -1,2 +1,2 @@
     1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) CoT nonce id=0x74 Care-of Init Cookie=80570f80:00000004 [|mobility]
-    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ffc3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=39837 lifetime=261452 [|mobility]
+    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ffc3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=39837 lifetime=261452(alt-CoA:  [|mobility]

tests/mobility_opt_asan_4.out

@@ -1 +1 @@
-    1  2018-01-12 12:49:44.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 237, next-header Mobile IP (old) (62), payload length 7168) d3c3:b2a9:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(pad1)(pad1)(type-0x3c: len=19)(ni: ho=0x0400 co=0x0012) [|mobility]
+    1  2018-01-12 12:49:44.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 237, next-header Mobile IP (old) (62), payload length 7168) d3c3:b2a9:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(pad1)(pad1)(unknown: type-#60 len=19)(ni: ho=0x0400 co=0x0012)(ni:  [|mobility]

tests/mobility_opt_asan_5.out

@@ -1 +1 @@
-    1  1975-06-23 00:41:36.999999 IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ff:7f0f:40:0:ee00:0:b658:5203 > 205:20:1:b00:0:2200:af01:e000: mobility: (payload protocol 6 should be 59) BRR(type-0x06: len=0) [|mobility]
+    1  1975-06-23 00:41:36.999999 IP6 (class 0x50, flowlabel 0x0002c, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ff:7f0f:40:0:ee00:0:b658:5203 > 205:20:1:b00:0:2200:af01:e000: mobility: (payload protocol 6 should be 59) BRR(unknown: type-#6 len=0)(ni:  [|mobility]

tests/mobility_opt_asan_6.out

@@ -1,2 +1,2 @@
-    1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:0:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15872(pad1) [|mobility]
-    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d4c3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b291: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360 [|mobility]
+    1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:0:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15872(pad1)(refresh:  [|mobility]
+    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d4c3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b291: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(refresh: 2056) [|mobility]

tests/mobility_opt_asan_7.out

@@ -1,2 +1,2 @@
     1  1975-04-27 07:53:17.131862 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) d400:7fa1:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) CoT nonce id=0x74 Care-of Init Cookie=80570f80:00000004 [|mobility]
-    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ffc3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=39837 lifetime=261452 [|mobility]
+    2  2017-12-27 14:32:13.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 0, next-header Mobile IP (old) (62), payload length 7168) ffc3:b2a1:200:400::6238:2949 > 9675:86dd:73f0:2c:1c7f:ffff:ebc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=39837 lifetime=261452(alt-CoA:  [|mobility]

tests/mobility_opt_asan_8.out

@@ -1 +1 @@
-    1  2018-01-12 12:49:44.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 237, next-header Mobile IP (old) (62), payload length 7168) d3c3:b2a9:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(pad1)(pad1)(type-0x3c: len=19)(ni: ho=0x0400 co=0x0012) [|mobility]
+    1  2018-01-12 12:49:44.999999 IP6 (class 0x50, flowlabel 0x00004, hlim 237, next-header Mobile IP (old) (62), payload length 7168) d3c3:b2a9:200:400::6238:2949 > 9675:86dd:7300:2c:1c7f:ffff:ffc3:b2a1: mobility: (payload protocol 2 should be 59) BU seq#=116 A lifetime=15360(pad1)(pad1)(unknown: type-#60 len=19)(ni: ho=0x0400 co=0x0012)(ni:  [|mobility]