640e6f3b3b
It fixes many buffer overflow in different protocol parsers, but none of them are critical, even in absense of Capsicum. Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925 Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929 Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933 Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937 Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973 Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984 Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993 Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203 Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342 Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485 Security: CVE-2017-5486
147 lines
4.0 KiB
C
147 lines
4.0 KiB
C
/*
|
|
* Copyright (c) 1998-2004 Hannes Gredler <hannes@tcpdump.org>
|
|
* The TCPDUMP project
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that: (1) source code
|
|
* distributions retain the above copyright notice and this paragraph
|
|
* in its entirety, and (2) distributions including binary code include
|
|
* the above copyright notice and this paragraph in its entirety in
|
|
* the documentation or other materials provided with the distribution.
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
|
|
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
|
|
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE.
|
|
*/
|
|
|
|
/* \summary: Syslog protocol printer */
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <netdissect-stdinc.h>
|
|
|
|
#include "netdissect.h"
|
|
#include "extract.h"
|
|
|
|
static const char tstr[] = "[|syslog]";
|
|
|
|
/*
|
|
* tokenlists and #defines taken from Ethereal - Network traffic analyzer
|
|
* by Gerald Combs <gerald@ethereal.com>
|
|
*/
|
|
|
|
#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */
|
|
#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */
|
|
#define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */
|
|
|
|
static const struct tok syslog_severity_values[] = {
|
|
{ 0, "emergency" },
|
|
{ 1, "alert" },
|
|
{ 2, "critical" },
|
|
{ 3, "error" },
|
|
{ 4, "warning" },
|
|
{ 5, "notice" },
|
|
{ 6, "info" },
|
|
{ 7, "debug" },
|
|
{ 0, NULL },
|
|
};
|
|
|
|
static const struct tok syslog_facility_values[] = {
|
|
{ 0, "kernel" },
|
|
{ 1, "user" },
|
|
{ 2, "mail" },
|
|
{ 3, "daemon" },
|
|
{ 4, "auth" },
|
|
{ 5, "syslog" },
|
|
{ 6, "lpr" },
|
|
{ 7, "news" },
|
|
{ 8, "uucp" },
|
|
{ 9, "cron" },
|
|
{ 10, "authpriv" },
|
|
{ 11, "ftp" },
|
|
{ 12, "ntp" },
|
|
{ 13, "security" },
|
|
{ 14, "console" },
|
|
{ 15, "cron" },
|
|
{ 16, "local0" },
|
|
{ 17, "local1" },
|
|
{ 18, "local2" },
|
|
{ 19, "local3" },
|
|
{ 20, "local4" },
|
|
{ 21, "local5" },
|
|
{ 22, "local6" },
|
|
{ 23, "local7" },
|
|
{ 0, NULL },
|
|
};
|
|
|
|
void
|
|
syslog_print(netdissect_options *ndo,
|
|
register const u_char *pptr, register u_int len)
|
|
{
|
|
uint16_t msg_off = 0;
|
|
uint16_t pri = 0;
|
|
uint16_t facility,severity;
|
|
|
|
/* extract decimal figures that are
|
|
* encapsulated within < > tags
|
|
* based on this decimal figure extract the
|
|
* severity and facility values
|
|
*/
|
|
|
|
ND_TCHECK2(*pptr, 1);
|
|
if (*(pptr+msg_off) == '<') {
|
|
msg_off++;
|
|
ND_TCHECK2(*(pptr + msg_off), 1);
|
|
while ( *(pptr+msg_off) >= '0' &&
|
|
*(pptr+msg_off) <= '9' &&
|
|
msg_off <= SYSLOG_MAX_DIGITS) {
|
|
pri = pri * 10 + (*(pptr+msg_off) - '0');
|
|
msg_off++;
|
|
ND_TCHECK2(*(pptr + msg_off), 1);
|
|
}
|
|
if (*(pptr+msg_off) != '>') {
|
|
ND_PRINT((ndo, "%s", tstr));
|
|
return;
|
|
}
|
|
msg_off++;
|
|
} else {
|
|
ND_PRINT((ndo, "%s", tstr));
|
|
return;
|
|
}
|
|
|
|
facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
|
|
severity = pri & SYSLOG_SEVERITY_MASK;
|
|
|
|
if (ndo->ndo_vflag < 1 )
|
|
{
|
|
ND_PRINT((ndo, "SYSLOG %s.%s, length: %u",
|
|
tok2str(syslog_facility_values, "unknown (%u)", facility),
|
|
tok2str(syslog_severity_values, "unknown (%u)", severity),
|
|
len));
|
|
return;
|
|
}
|
|
|
|
ND_PRINT((ndo, "SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
|
|
len,
|
|
tok2str(syslog_facility_values, "unknown (%u)", facility),
|
|
facility,
|
|
tok2str(syslog_severity_values, "unknown (%u)", severity),
|
|
severity));
|
|
|
|
/* print the syslog text in verbose mode */
|
|
for (; msg_off < len; msg_off++) {
|
|
ND_TCHECK2(*(pptr + msg_off), 1);
|
|
safeputchar(ndo, *(pptr + msg_off));
|
|
}
|
|
|
|
if (ndo->ndo_vflag > 1)
|
|
print_unknown_data(ndo, pptr, "\n\t", len);
|
|
|
|
return;
|
|
|
|
trunc:
|
|
ND_PRINT((ndo, "%s", tstr));
|
|
}
|