freebsd-skq/contrib/tcpdump/print-syslog.c
Ed Maste 0bff6a5af8 Update tcpdump to 4.9.2
It contains many fixes, including bounds checking, buffer overflows (in
SLIP and bittok2str_internal), buffer over-reads, and infinite loops.

One other notable change:
  Do not use getprotobynumber() for protocol name resolution.
  Do not do any protocol name resolution if -n is specified.

Submitted by:	gordon
Reviewed by:	delphij, emaste, glebius
MFC after:	1 week
Relnotes:	Yes
Security:	CVE-2017-11108, CVE-2017-11541, CVE-2017-11542
Security:	CVE-2017-11543, CVE-2017-12893, CVE-2017-12894
Security:	CVE-2017-12895, CVE-2017-12896, CVE-2017-12897
Security:	CVE-2017-12898, CVE-2017-12899, CVE-2017-12900
Security:	CVE-2017-12901, CVE-2017-12902, CVE-2017-12985
Security:	CVE-2017-12986, CVE-2017-12987, CVE-2017-12988
Security:	CVE-2017-12989, CVE-2017-12990, CVE-2017-12991
Security:	CVE-2017-12992, CVE-2017-12993, CVE-2017-12994
Security:	CVE-2017-12995, CVE-2017-12996, CVE-2017-12997
Security:	CVE-2017-12998, CVE-2017-12999, CVE-2017-13000
Security:	CVE-2017-13001, CVE-2017-13002, CVE-2017-13003
Security:	CVE-2017-13004, CVE-2017-13005, CVE-2017-13006
Security:	CVE-2017-13007, CVE-2017-13008, CVE-2017-13009
Security:	CVE-2017-13010, CVE-2017-13011, CVE-2017-13012
Security:	CVE-2017-13013, CVE-2017-13014, CVE-2017-13015
Security:	CVE-2017-13016, CVE-2017-13017, CVE-2017-13018
Security:	CVE-2017-13019, CVE-2017-13020, CVE-2017-13021
Security:	CVE-2017-13022, CVE-2017-13023, CVE-2017-13024
Security:	CVE-2017-13025, CVE-2017-13026, CVE-2017-13027
Security:	CVE-2017-13028, CVE-2017-13029, CVE-2017-13030
Security:	CVE-2017-13031, CVE-2017-13032, CVE-2017-13033
Security:	CVE-2017-13034, CVE-2017-13035, CVE-2017-13036
Security:	CVE-2017-13037, CVE-2017-13038, CVE-2017-13039
Security:	CVE-2017-13040, CVE-2017-13041, CVE-2017-13042
Security:	CVE-2017-13043, CVE-2017-13044, CVE-2017-13045
Security:	CVE-2017-13046, CVE-2017-13047, CVE-2017-13048
Security:	CVE-2017-13049, CVE-2017-13050, CVE-2017-13051
Security:	CVE-2017-13052, CVE-2017-13053, CVE-2017-13054
Security:	CVE-2017-13055, CVE-2017-13687, CVE-2017-13688
Security:	CVE-2017-13689, CVE-2017-13690, CVE-2017-13725
Differential Revision:	https://reviews.freebsd.org/D12404
2017-12-06 02:21:11 +00:00

147 lines
4.0 KiB
C

/*
* Copyright (c) 1998-2004 Hannes Gredler <hannes@gredler.at>
* The TCPDUMP project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code
* distributions retain the above copyright notice and this paragraph
* in its entirety, and (2) distributions including binary code include
* the above copyright notice and this paragraph in its entirety in
* the documentation or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*/
/* \summary: Syslog protocol printer */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include "netdissect.h"
#include "extract.h"
static const char tstr[] = "[|syslog]";
/*
* tokenlists and #defines taken from Ethereal - Network traffic analyzer
* by Gerald Combs <gerald@ethereal.com>
*/
#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */
#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */
#define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */
static const struct tok syslog_severity_values[] = {
{ 0, "emergency" },
{ 1, "alert" },
{ 2, "critical" },
{ 3, "error" },
{ 4, "warning" },
{ 5, "notice" },
{ 6, "info" },
{ 7, "debug" },
{ 0, NULL },
};
static const struct tok syslog_facility_values[] = {
{ 0, "kernel" },
{ 1, "user" },
{ 2, "mail" },
{ 3, "daemon" },
{ 4, "auth" },
{ 5, "syslog" },
{ 6, "lpr" },
{ 7, "news" },
{ 8, "uucp" },
{ 9, "cron" },
{ 10, "authpriv" },
{ 11, "ftp" },
{ 12, "ntp" },
{ 13, "security" },
{ 14, "console" },
{ 15, "cron" },
{ 16, "local0" },
{ 17, "local1" },
{ 18, "local2" },
{ 19, "local3" },
{ 20, "local4" },
{ 21, "local5" },
{ 22, "local6" },
{ 23, "local7" },
{ 0, NULL },
};
void
syslog_print(netdissect_options *ndo,
register const u_char *pptr, register u_int len)
{
uint16_t msg_off = 0;
uint16_t pri = 0;
uint16_t facility,severity;
/* extract decimal figures that are
* encapsulated within < > tags
* based on this decimal figure extract the
* severity and facility values
*/
ND_TCHECK2(*pptr, 1);
if (*(pptr+msg_off) == '<') {
msg_off++;
ND_TCHECK2(*(pptr + msg_off), 1);
while ( *(pptr+msg_off) >= '0' &&
*(pptr+msg_off) <= '9' &&
msg_off <= SYSLOG_MAX_DIGITS) {
pri = pri * 10 + (*(pptr+msg_off) - '0');
msg_off++;
ND_TCHECK2(*(pptr + msg_off), 1);
}
if (*(pptr+msg_off) != '>') {
ND_PRINT((ndo, "%s", tstr));
return;
}
msg_off++;
} else {
ND_PRINT((ndo, "%s", tstr));
return;
}
facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
severity = pri & SYSLOG_SEVERITY_MASK;
if (ndo->ndo_vflag < 1 )
{
ND_PRINT((ndo, "SYSLOG %s.%s, length: %u",
tok2str(syslog_facility_values, "unknown (%u)", facility),
tok2str(syslog_severity_values, "unknown (%u)", severity),
len));
return;
}
ND_PRINT((ndo, "SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
len,
tok2str(syslog_facility_values, "unknown (%u)", facility),
facility,
tok2str(syslog_severity_values, "unknown (%u)", severity),
severity));
/* print the syslog text in verbose mode */
for (; msg_off < len; msg_off++) {
ND_TCHECK2(*(pptr + msg_off), 1);
safeputchar(ndo, *(pptr + msg_off));
}
if (ndo->ndo_vflag > 1)
print_unknown_data(ndo, pptr, "\n\t", len);
return;
trunc:
ND_PRINT((ndo, "%s", tstr));
}