From 03d8a4b7d39af6da7ceaaf07211cf0fde1e623ed Mon Sep 17 00:00:00 2001 From: Mateusz Piotrowski <0mp@FreeBSD.org> Date: Thu, 15 Aug 2019 12:00:59 +0000 Subject: [PATCH] pf tests: Fix accidental duplication of content Some files got their contented duplicated in r345409. Some mistakes where fixed in r345430. The only file that was left with a duplicated content was CVE-2019-5598.py. Reviewed by: kp Approved by: src (kp) Differential Revision: https://reviews.freebsd.org/D21267 --- tests/sys/netpfil/pf/CVE-2019-5598.py | 65 --------------------------- 1 file changed, 65 deletions(-) diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 648b8ef9d6f0..1a019ea23fab 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -63,68 +63,3 @@ def main(): if __name__ == '__main__': main() -#!/usr/local/bin/python2.7 - -import argparse -import scapy.all as sp -import sys -from sniffer import Sniffer - -def check_icmp_error(args, packet): - ip = packet.getlayer(sp.IP) - if not ip: - return False - if ip.dst != args.to[0]: - return False - - icmp = packet.getlayer(sp.ICMP) - if not icmp: - return False - if icmp.type != 3 or icmp.code != 3: - return False - - return True - -def main(): - parser = argparse.ArgumentParser("CVE-2019-icmp.py", - description="CVE-2019-icmp test tool") - parser.add_argument('--sendif', nargs=1, - required=True, - help='The interface through which the packet will be sent') - parser.add_argument('--recvif', nargs=1, - required=True, - help='The interface on which to check for the packet') - parser.add_argument('--src', nargs=1, - required=True, - help='The source IP address') - parser.add_argument('--to', nargs=1, - required=True, - help='The destination IP address') - - args = parser.parse_args() - - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) - - # Start sniffing on recvif - sniffer = Sniffer(args, check_icmp_error) - - # Send the bad error packet - icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.ICMP(type=3, code=3) / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) - - sniffer.join() - if sniffer.foundCorrectPacket: - sys.exit(1) - - sys.exit(0) - -if __name__ == '__main__': - main()