Changeset ed3a238 for libpacketdump


Timestamp:
04/21/17 13:58:20 (4 years ago)
Author:
Shane Alcock <salcock@…>
Branches:
cachetimestamps, develop, dpdk-ndag, etsilive, master, ndag_format, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance
Children:
f398c61
Parents:
33a106a
Message:

Fix issues with SCTP libpacketdump parser

  • Ignore bogus chunk lengths that would cause us to walk off the end of the packet (Issue #47).
  • Fixed bug where we were not correctly detecting and accounting for chunk padding.
  • Don't overwrite the chunk->length field with a byteswapped version.
  • Abort parsing if we don't have enough packet remaining to read an entire SCTP chunk header.
File:
1 edited

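--- a/libpacketdump/ip_132.c
+++ b/libpacketdump/ip_132.c
@@ -155,7 +155,7 @@
                 int len = ntohs(ph->length) -
                     sizeof(struct sctp_var_param_hdr);
-               
+
                 printf(" SCTP: Option Supported address types ");
-               
+
                 while(len) {
                     printf("%hu ", ntohs(*p));
@@ -181,5 +181,6 @@
     struct sctp_chunk_hdr *chunk;
     int chunk_num = 1;
-    int vlen;
+    int vlen = 0;
+    uint16_t chunklen = 0;
 
     if(len < (signed)sizeof(struct sctp_common_hdr)) {
@@ -198,15 +199,33 @@
 
     while(len > 0) {
+        if (len < sizeof(struct sctp_chunk_hdr)) {
+                printf(" SCTP: [Truncated]\n\n");
+                break;
+        }
+
         chunk = (struct sctp_chunk_hdr *)packet;
 
-        chunk->length = ntohs(chunk->length);
+        chunklen = ntohs(chunk->length);
 
         printf(" SCTP: Chunk %d Type %s Flags %u Len %u\n",
             chunk_num++,
-            sctp_type_to_str(chunk->type), chunk->flags, chunk->length);
-
-        if(chunk->length == 0) {
+            sctp_type_to_str(chunk->type), chunk->flags, chunklen);
+
+        if(chunklen == 0) {
             printf(" SCTP: Invalid chunk length, aborting.\n\n");
             break;
+        }
+
+        /* Stupid SCTP has padding that is not accounted for in either
+         * the chunk length or the payload length fields */
+        if ((chunklen % 4) != 0) {
+                /* Pad to the next four byte boundary */
+                chunklen += ( 4 - (chunklen % 4) );
+        }
+
+        /* Truncate any ridiculous chunk lengths so that they don't
+         * exceed the confines of the packet */
+        if (chunklen > len) {
+                chunklen = len;
         }
 
@@ -229,5 +248,5 @@
                 struct sctp_init_ack *ack = (struct sctp_init_ack *)
                     (chunk + 1);
-               
+
                 printf(" SCTP: Tag %u Credit %u Outbound %hu Inbound %hu "
                         "TSN %u\n",
@@ -238,5 +257,5 @@
                         ntohl(ack->init_tsn));
 
-                vlen = chunk->length - (sizeof(struct sctp_init_ack) +
+                vlen = chunklen - (sizeof(struct sctp_init_ack) +
                         sizeof(struct sctp_chunk_hdr) +
                         sizeof(struct sctp_common_hdr)
@@ -270,7 +289,7 @@
             break;
         }
-       
-        packet += chunk->length;
-        len -= chunk->length;
+
+        packet += chunklen;
+        len -= chunklen;
     }
     printf("\n");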
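Review bot: The padding step `chunklen += ( 4 - (chunklen % 4) );` (new lines 221–224) can wrap `chunklen` to 0, because it is a `uint16_t` and an on-wire length of 0xFFFD–0xFFFF rounds up to 65536; the zero-length check has already run and the clamp against `len` does not trigger, so `packet += chunklen; len -= chunklen;` advances by nothing and the `while(len > 0)` loop never ends. Declaring it wider, `uint32_t chunklen = 0;`, keeps the rounded value intact so the clamp applies. Separately, in the INIT ACK branch `ack` is read from `(chunk + 1)` and `vlen` is computed from `chunklen` with no visible check that `chunklen` covers `sizeof(struct sctp_chunk_hdr) + sizeof(struct sctp_init_ack)`; if no such check exists outside the displayed hunks, a short chunk would be read past its end and `vlen` would go negative. The function body starts and ends outside the displayed hunks.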