ubsan fixes for various tcpdump printers #1012

It's not enough for the *packet* to be able to contain the RD; the route data also has to be long enough; otherwise, we will try to shift a negative length left in order to pass it to bgp_vpn_ip_print() print-bgp.c:1848:9: runtime error: left shift of negative value -8 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-bgp.c:1848:9 in

…ecksum calculation The fletcher checksum calculation would sometimes left-shift a negative number, which is an undefined operation. Rework the code to avoid this. checksum.c:186:20: runtime error: left shift of negative value -36 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior checksum.c:186:20 in Unlike some checksum routines that use the defined semantics of 2's-complement unsigned overflow to their advantage, this one gets the wrong value if it is allowed to overflow, due to the use of mod-255. Convert c1 to uint64_t to avoid overflow checksum.c:163:16: runtime error: unsigned integer overflow: NNN + NNN cannot be represented in type 'unsigned int' Use integers during subtraction to avoid implicit conversion to unsigned when calculating both x and y checksum.c:172:18: runtime error: unsigned integer overflow: NNN - NNN cannot be represented in type 'unsigned int' checksum.c:172:9: runtime error: implicit conversion from type 'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed the value to -NNN (32-bit, signed) checksum.c:173:12: runtime error: unsigned integer overflow: NNN - NNN cannot be represented in type 'unsigned int' checksum.c:173:9: runtime error: implicit conversion from type 'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed the value to -NNN (32-bit, signed)

When converting an integer from ASN.1, use an unsigned value for the partial result and assign it to the integer part of the union at the end, to avoid shifting a negative number left. print-snmp.c:545:19: runtime error: left shift of negative value -1 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-snmp.c:545:19 in OID elements are unsigned; a large-enough oid value could result in the undefined behavior of shifting a signed integer left through the sign bit, so simply store them as unsigned. print-snmp.c:769:11: runtime error: left shift of 268435455 by 7 places cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-snmp.c:769:11 in

Check for truncation before doing pointer arithmetic to point to the end of the packet. print-lwres.c:294:10: runtime error: addition of unsigned offset to 0xf3b032be overflowed to 0x9652d560 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-lwres.c:294:10 in print-lwres.c:549:29: runtime error: addition of unsigned offset to 0xf3b032be overflowed to 0x9652d560 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-lwres.c:549:29 in

Handle ls_length shorter than sizeof(lsa_hdr) in the same way as OSPF. Use a u_int32 to hold a loop variable initialized with GET_BE_U_4. print-ospf6.c:817:46: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-ospf6.c:817:46 in

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ubsan fixes for various tcpdump printers #1012

ubsan fixes for various tcpdump printers #1012

Commits on Feb 2, 2023

ubsan fixes for various tcpdump printers #1012

Are you sure you want to change the base?

ubsan fixes for various tcpdump printers #1012

Commits on Feb 2, 2023