f += size - 1;
break;
case LLDP_TLV_TTL:
- if (size != 2) {
- LLOG_WARNX("incorrect size for ttl tlv received on %s",
+ if (size < 2) {
+ LLOG_WARNX("too short frame for ttl tlv received on %s",
hardware->h_ifname);
goto malformed;
}
chassis->c_ttl = ntohs(*(u_int16_t*)(frame + f));
- f += 2;
+ f += size;
break;
case LLDP_TLV_PORT_DESCR:
case LLDP_TLV_SYSTEM_NAME:
else chassis->c_descr = b;
break;
case LLDP_TLV_SYSTEM_CAP:
- if (size != 4) {
- LLOG_WARNX("system cap tlv with incorrect size "
+ if (size < 4) {
+ LLOG_WARNX("too short system cap tlv "
"received on %s",
hardware->h_ifname);
goto malformed;
chassis->c_cap_available = ntohs(*(u_int16_t*)(frame + f));
f += 2;
chassis->c_cap_enabled = ntohs(*(u_int16_t*)(frame + f));
- f += 2;
+ f += size - 2;
break;
case LLDP_TLV_MGMT_ADDR:
if (size < 11) {
int vlan_len;
if ((size < 7) ||
- (size != 7 + *(u_int8_t*)(frame + f + 6))) {
+ (size < 7 + *(u_int8_t*)(frame + f + 6))) {
LLOG_WARNX("too short vlan tlv "
"received on %s",
hardware->h_ifname);
vlan_len);
TAILQ_INSERT_TAIL(&port->p_vlans,
vlan, v_entries);
- f += vlan_len;
+ f += size - 7;
} else {
/* Unknown Dot1 TLV, ignore it */
f += size;
switch (subtype) {
case LLDP_TLV_DOT3_MAC:
f += 4;
- if (size != 9) {
+ if (size < 9) {
LLOG_WARNX("too short mac/phy tlv "
"received on %s",
hardware->h_ifname);
f += 2;
port->p_mau_type =
ntohs(*(u_int16_t*)(frame + f));
- f += 2;
+ f += size - 7;
break;
case LLDP_TLV_DOT3_LA:
- if (size != 9) {
+ if (size < 9) {
LLOG_WARNX("too short aggreg tlv "
"received on %s",
hardware->h_ifname);
}
port->p_aggregid =
ntohl(*(u_int32_t*)(frame + f + 5));
- f += 9;
+ f += size;
break;
default:
/* Unknown Dot3 TLV, ignore it */
switch (subtype) {
case LLDP_TLV_MED_CAP:
f += 4;
- if (size != 7) {
+ if (size < 7) {
LLOG_WARNX("too short LLDP-MED cap "
"tlv received on %s",
hardware->h_ifname);
f += 2;
chassis->c_med_type =
*(u_int8_t*)(frame + f);
- f += 1;
+ f += size - 6;
chassis->c_med_cap_enabled |=
LLDPMED_CAP_CAP;
break;
case LLDP_TLV_MED_POLICY:
f += 4;
- if (size != 8) {
+ if (size < 8) {
LLOG_WARNX("too short LLDP-MED policy "
"tlv received on %s",
hardware->h_ifname);
(policy & 0x1C0) >> 6;
chassis->c_med_policy[(policy >> 24) - 1].dscp =
policy & 0x3F;
- f += 4;
+ f += size - 4;
chassis->c_med_cap_enabled |=
LLDPMED_CAP_POLICY;
break;
break;
case LLDP_TLV_MED_MDI:
f += 4;
- if (size != 7) {
+ if (size < 7) {
LLOG_WARNX("too short LLDP-MED PoE-MDI "
"tlv received on %s",
hardware->h_ifname);
f += 1;
chassis->c_med_pow_val =
ntohs(*(u_int16_t*)(frame + f));
- f += 2;
+ f += size - 5;
break;
case LLDP_TLV_MED_IV_HW:
case LLDP_TLV_MED_IV_SW:
projects / thirdparty / lldpd.git / commitdiff
