ethernet: fix next packet size on DCE packet

Missing parans on the DCE length caused the length update
for the next call to DecodeEthernet to be wrong.

Tests added.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2887

diff --git a/src/decode-ethernet.c b/src/decode-ethernet.c
index 3b55f31be876c2181c3f6464873e990624dff911..374a7f6456b1644bbd58fd495f017868ebc0e641 100644 (file)
--- a/src/decode-ethernet.c
+++ b/src/decode-ethernet.c
@@ -146,6 +146,70 @@ static int DecodeEthernetTest01 (void)
     SCFree(p);
     return 1;
 }
+
+/**
+ * Test a DCE ethernet frame that is too small.
+ */
+static int DecodeEthernetTestDceTooSmall(void)
+{
+    uint8_t raw_eth[] = {
+        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
+        0x94, 0x56, 0x00, 0x01, 0x89, 0x03,
+    };
+
+    Packet *p = SCMalloc(SIZE_OF_PACKET);
+    FAIL_IF_NULL(p);
+    ThreadVars tv;
+    DecodeThreadVars dtv;
+
+    memset(&dtv, 0, sizeof(DecodeThreadVars));
+    memset(&tv,  0, sizeof(ThreadVars));
+    memset(p, 0, SIZE_OF_PACKET);
+
+    DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth), NULL);
+
+    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p, DCE_PKT_TOO_SMALL));
+
+    SCFree(p);
+    PASS;
+}
+
+/**
+ * Test that a DCE ethernet frame, followed by data that is too small
+ * for an ethernet header.
+ *
+ * Redmine issue:
+ * https://redmine.openinfosecfoundation.org/issues/2887
+ */
+static int DecodeEthernetTestDceNextTooSmall(void)
+{
+    uint8_t raw_eth[] = {
+        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
+        0x94, 0x56, 0x00, 0x01, 0x89, 0x03, //0x88, 0x64,
+
+        0x00, 0x00,
+
+        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
+        0x94, 0x56, 0x00, 0x01,
+    };
+
+    Packet *p = SCMalloc(SIZE_OF_PACKET);
+    FAIL_IF_NULL(p);
+    ThreadVars tv;
+    DecodeThreadVars dtv;
+
+    memset(&dtv, 0, sizeof(DecodeThreadVars));
+    memset(&tv,  0, sizeof(ThreadVars));
+    memset(p, 0, SIZE_OF_PACKET);
+
+    DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth), NULL);
+
+    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p, ETHERNET_PKT_TOO_SMALL));
+
+    SCFree(p);
+    PASS;
+}
+
 #endif /* UNITTESTS */
 
 
@@ -157,6 +221,10 @@ void DecodeEthernetRegisterTests(void)
 {
 #ifdef UNITTESTS
     UtRegisterTest("DecodeEthernetTest01", DecodeEthernetTest01);
+    UtRegisterTest("DecodeEthernetTestDceNextTooSmall",
+            DecodeEthernetTestDceNextTooSmall);
+    UtRegisterTest("DecodeEthernetTestDceTooSmall",
+            DecodeEthernetTestDceTooSmall);
 #endif /* UNITTESTS */
 }
 /**

diff --git a/src/decode-ethernet.h b/src/decode-ethernet.h
index b61c5d7d0e0f84282a1b958ea06fe0c8389419c0..93ed61af89375f8cbc827b586919a03c96a5c5b0 100644 (file)
--- a/src/decode-ethernet.h
+++ b/src/decode-ethernet.h
@@ -27,7 +27,7 @@
 #define ETHERNET_HEADER_LEN           14
 
 /* Cisco Fabric Path / DCE header length. */
-#define ETHERNET_DCE_HEADER_LEN       ETHERNET_HEADER_LEN + 2
+#define ETHERNET_DCE_HEADER_LEN       (ETHERNET_HEADER_LEN + 2)
 
 /* Ethernet types -- taken from Snort and Libdnet */
 #define ETHERNET_TYPE_PUP             0x0200 /* PUP protocol */