afghanistanyn / dpkt

Automatically exported from code.google.com/p/dpkt
Other
0 stars 0 forks source link

lldp parser should stop at end tlv #137

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. create an ethernet packet that is padded for min length
2. add only required tlv to lldp pdu
  0000:  01 80 c2 00 00 0e b6 0b bc fd ca 93 88 cc 02 02 07 01 04 02 07 33 06 02 12 34 10 0c 05 01
  0030:  c0 00 00 02 03 03 00 00 00 00 00 00 00 00 
  make sure to pad the ethernet packet with zero for min length

3. lldp.unpack(pkt[14:]). unpack pass the ethernet header, not specifying the 
end of lldp packet
    (need to parse it to get that length...)

What is the expected output? What do you see instead?
   in LLDP.unpack(), we should get an unpacked PDU
   instead we get an error, invalid length, due to parsing continuing pass the TLV_END

   proposed fix lldp.py, class LLDP

    def unpack(self, buf):
        super(LLDP, self).unpack(buf)
        self.tlvs = []

        while buf:
            tlv_type = LLDPBasicTLV.get_type(buf)
            basic_tlv = self._tlv_parsers[tlv_type](buf)
            self.tlvs.append(basic_tlv)
            buf = buf[len(basic_tlv):]
+            if (basic_tlv.tlv_type == LLDP_TLV_END):
+                buf = ''
+                return
+

Found another problem while parsing the management address for the same packet, 
the offset for the interface / oid is of by 1.

class ManagementAddress
    def unpack(self, buf):
        super(ManagementAddress, self).unpack(buf)
        (self.addr_len, self.addr_subtype) = struct.unpack(
            self.ADDR_STR, self.data[:self.ADDR_SIZE])
        if not self._addr_len_valid():
            raise dpkt.UnpackError('invalid addr len')
-        offset = self.ADDR_SIZE + self.addr_len
+        offset = self.ADDR_SIZE + self.addr_len -1
         self._addr = self.data[self.ADDR_SIZE:offset]

Original issue reported on code.google.com by cha...@google.com on 13 Feb 2015 at 11:13

GoogleCodeExporter commented 9 years ago
FUCKING JUNKIE 

Original comment by twistedj...@gmail.com on 20 Feb 2015 at 10:43