On Thu, Feb 23, 2023 at 11:00:12AM -0700, Theo de Raadt wrote:
> It should use vis(3), similar to this:
> 
> print-pfsync.c:                 cp = vis(cp, clr->ifname[i], VIS_WHITE, 0);

[ see bottom of quoted message  or search down to PJP ]


> p...@delphinusdns.org wrote:
> 
> > >Synopsis:  tcpdump/print-cdp.c allows escape codes to be sent to terminal
> > >Category:  system
> > >Environment:
> >     System      : OpenBSD 7.2
> >     Details     : OpenBSD 7.2 (GENERIC.MP) #2: Thu Nov 24 23:53:03 MST 2022
> >                      
> > r...@syspatch-72-arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
> > 
> >     Architecture: OpenBSD.arm64
> >     Machine     : arm64
> > >Description:
> >     While trying to disturb tcpdump for the last few days (see earlier posts
> > to bugs@), I came across tcpdump's CDP protocol.  I was able to change the
> > terminal colour of my tcpdump with a specially crafted packet (see earlier 
> > posts too).  CDP does no filtering of what gets sent and outputs everything 
> > from the wire like so:
> > 
> >                 switch(type) {
> >                 case 0x01:
> >                         printf(" DevID '%.*s'", len - 4, p + i + 4);
> >                         break;
> > 
> > >How-To-Repeat:
> >     code-reading.
> > >Fix:
> >     for (x = 0; x < len - 4; x++) {
> >             printf("%c", isprint(*(p + i + x + 4)) ? *(p + i + x + 4) : '.');
> >     }
> > 
> >     or something like that, I think we have ctypes for tcpdump.  Also
> >     the way IP addresses are printed in this is sorta disgusting.  There
> >     are functions for that.
> > 
> > 
> > dmesg:
<cut>

PJP

I have found this function in tcpdump/util.c called fn_printn() that escapes
text.  Here is how it looks in my tcpdump:

root@echo# obj/tcpdump -v -n -i bse0 -s 1500 proto gre 
tcpdump: listening on bse0, link-type EN10MB
11:48:31.478796 192.168.177.13 > 255.255.255.255: gre [R] 2000 off 0x0 
(rtaf=0x0) CDP v0, ttl=0s 01/14 DevID 'P^[[32mPPPPPPPPPP' 5050/5050[|cdp] (ttl 
255, id 0, len 20)

Then someone else can modify fn_printn() with vis() (I don't think I'm good 
with that).

Patch follows for tcpdump/print-cdp.c to start closing this terminal nuisance.

Best Regards,
-peter


Index: print-cdp.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-cdp.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 print-cdp.c
--- print-cdp.c 11 Sep 2019 15:20:30 -0000      1.8
+++ print-cdp.c 25 Feb 2023 10:53:46 -0000
@@ -83,7 +83,10 @@ cdp_print(const u_char *p, u_int length,
                /* 
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/13414-103.html#cdp
 */
                switch(type) {
                case 0x01:
-                       printf(" DevID '%.*s'", len - 4, p + i + 4);
+                       printf(" DevID '");
+                       if (fn_printn(p + i + 4, len - 4, snapend) == 1)
+                               goto error;
+                       printf("'");
                        break;
                case 0x02:
                        printf(" Addr");
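Review bot: in case 0x01, `len - 4` is passed to fn_printn() with no check in the visible lines that len is at least 4, whereas case 0x04 and case 0x0a guard their lengths (`if (len < 8)`, `if (len < 6)`). If the enclosing loop does not already reject len < 4, add that check before the call so a short TLV cannot produce a negative or wrapped count; snapend limits the read, but the bound should be explicit at the call site.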
@@ -91,7 +94,10 @@ cdp_print(const u_char *p, u_int length,
                                goto error;
                        break;
                case 0x03:
-                       printf(" PortID '%.*s'", len - 4, p + i + 4);
+                       printf(" PortID '");
+                       if (fn_printn(p + i + 4, len - 4, snapend) == 1)
+                               goto error;
+                       printf("'");
                        break;
                case 0x04:
                        if (len < 8)
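Review bot: in case 0x03, when fn_printn() reports truncation the `goto error` is taken after `printf(" PortID '")` has already been written, so the output line is left with an unbalanced opening quote. Consider emitting the closing quote before the jump, or note in the commit message that the dangling quote on truncated fields is accepted. The same applies to the DevID case above.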
@@ -99,19 +105,28 @@ cdp_print(const u_char *p, u_int length,
                        printf(" CAP 0x%02x", (unsigned) p[i+7]);
                        break;
                case 0x05:
-                       if (vflag)
-                               printf(" Version %.*s", len-4, p+i+4 );
-                       else
+                       if (vflag) {
+                               printf(" Version '");
+                               if (fn_printn(p + i + 4, len - 4, snapend) == 1)
+                                       goto error;
+                               printf("'");
+                       } else
                                printf(" Version (suppressed)" );
                        break;
                case 0x06:
-                       printf(" Platform '%.*s'", len-4, p+i+4 );
+                       printf(" Platform '");
+                       if (fn_printn(p + i + 4, len - 4, snapend) == 1)
+                               goto error;
+                       printf("'");
                        break;
                case 0x07:
                        cdp_print_prefixes(p+i+4, len-4);
                        break;
                case 0x09:
-                       printf(" VTP-Management-Domain '%.*s'", len-4, p+i+4 );
+                       printf(" VTP-Management-Domain '");
+                       if (fn_printn(p + i + 4, len - 4, snapend) == 1)
+                               goto error;
+                       printf("'");
                        break;
                case 0x0a:
                        if (len < 6)
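Review bot: the same four-line sequence (opening `printf`, the fn_printn() call, `goto error`, closing `printf("'")`) now appears for Version, Platform and VTP-Management-Domain as well as DevID and PortID; a small helper taking the label would remove the repetition and keep the truncation handling in one place. Separately, case 0x05 now prints Version inside single quotes where the removed line `printf(" Version %.*s", len-4, p+i+4 );` did not, which changes the -v output format and should be mentioned in the commit message if intended.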

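An added illustration, not part of the original message and not tcpdump's own code, of the escaping shown in the sample output above, where ESC is rendered as `^[`. The helper name `escape_field`, its buffer-based interface and the sample DevID bytes are assumptions made for this example; the return convention (1 when the field is cut short) follows how the patch uses fn_printn().

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * escape_field() is a hypothetical helper, not tcpdump's fn_printn().
 * It copies up to n bytes of an untrusted field into out and never
 * reads at or past end (the end of the captured data).  Bytes >= 0x80
 * get an "M-" prefix; control bytes are shown in caret form, so ESC
 * (0x1b) becomes "^[" and can no longer start a terminal sequence.
 * Returns 0 if all n bytes were consumed, 1 if the field was cut short
 * by end or by the size of out.
 */
static int
escape_field(const unsigned char *s, size_t n, const unsigned char *end,
    char *out, size_t outsz)
{
	size_t o = 0;

	if (outsz == 0)
		return 1;
	/* Worst case per input byte is "M-^x" plus the final NUL. */
	while (n > 0 && s < end && o + 5 <= outsz) {
		unsigned char c = *s++;

		n--;
		if (c >= 0x80) {
			out[o++] = 'M';
			out[o++] = '-';
			c &= 0x7f;
		}
		if (!isprint(c)) {
			out[o++] = '^';
			c ^= 0x40;	/* 0x1b -> '[', 0x7f -> '?' */
		}
		out[o++] = (char)c;
	}
	out[o] = '\0';
	return n == 0 ? 0 : 1;
}

int
main(void)
{
	/* Constructed DevID: 'P', ESC [ 3 2 m (green), then "PPPP". */
	static const unsigned char dev[] = "P\x1b[32mPPPP";
	char buf[64];
	int cut = escape_field(dev, 10, dev + 10, buf, sizeof(buf));

	printf("DevID '%s'%s\n", buf, cut ? " [truncated]" : "");
	return 0;
}
```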