freebsd-skq/contrib/tcpdump/print-nflog.c
glebius 640e6f3b3b Update tcpdump to 4.9.0.
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.

Security:	CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security:	CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security:	CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security:	CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security:	CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security:	CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security:	CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security:	CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security:	CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security:	CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security:	CVE-2017-5486
2017-02-01 20:26:42 +00:00

169 lines
4.4 KiB
C

/*
* Copyright (c) 2013, Petar Alilovic,
* Faculty of Electrical Engineering and Computing, University of Zagreb
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
/* \summary: DLT_NFLOG printer */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include "netdissect.h"
#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
#include <pcap/nflog.h>
static const struct tok nflog_values[] = {
{ AF_INET, "IPv4" },
#ifdef AF_INET6
{ AF_INET6, "IPv6" },
#endif /*AF_INET6*/
{ 0, NULL }
};
static inline void
nflog_hdr_print(netdissect_options *ndo, const nflog_hdr_t *hdr, u_int length)
{
ND_PRINT((ndo, "version %d, resource ID %d", hdr->nflog_version, ntohs(hdr->nflog_rid)));
if (!ndo->ndo_qflag) {
ND_PRINT((ndo,", family %s (%d)",
tok2str(nflog_values, "Unknown",
hdr->nflog_family),
hdr->nflog_family));
} else {
ND_PRINT((ndo,", %s",
tok2str(nflog_values,
"Unknown NFLOG (0x%02x)",
hdr->nflog_family)));
}
ND_PRINT((ndo, ", length %u: ", length));
}
u_int
nflog_if_print(netdissect_options *ndo,
const struct pcap_pkthdr *h, const u_char *p)
{
const nflog_hdr_t *hdr = (const nflog_hdr_t *)p;
const nflog_tlv_t *tlv;
uint16_t size;
uint16_t h_size = sizeof(nflog_hdr_t);
u_int caplen = h->caplen;
u_int length = h->len;
if (caplen < (int) sizeof(nflog_hdr_t) || length < (int) sizeof(nflog_hdr_t)) {
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
if (hdr->nflog_version != 0) {
ND_PRINT((ndo, "version %u (unknown)", hdr->nflog_version));
return h_size;
}
if (ndo->ndo_eflag)
nflog_hdr_print(ndo, hdr, length);
p += sizeof(nflog_hdr_t);
length -= sizeof(nflog_hdr_t);
caplen -= sizeof(nflog_hdr_t);
while (length > 0) {
/* We have some data. Do we have enough for the TLV header? */
if (caplen < sizeof(nflog_tlv_t) || length < sizeof(nflog_tlv_t)) {
/* No. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
tlv = (const nflog_tlv_t *) p;
size = tlv->tlv_length;
if (size % 4 != 0)
size += 4 - size % 4;
/* Is the TLV's length less than the minimum? */
if (size < sizeof(nflog_tlv_t)) {
/* Yes. Give up now. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
/* Do we have enough data for the full TLV? */
if (caplen < size || length < size) {
/* No. */
ND_PRINT((ndo, "[|nflog]"));
return h_size;
}
if (tlv->tlv_type == NFULA_PAYLOAD) {
/*
* This TLV's data is the packet payload.
* Skip past the TLV header, and break out
* of the loop so we print the packet data.
*/
p += sizeof(nflog_tlv_t);
h_size += sizeof(nflog_tlv_t);
length -= sizeof(nflog_tlv_t);
caplen -= sizeof(nflog_tlv_t);
break;
}
p += size;
h_size += size;
length -= size;
caplen -= size;
}
switch (hdr->nflog_family) {
case AF_INET:
ip_print(ndo, p, length);
break;
#ifdef AF_INET6
case AF_INET6:
ip6_print(ndo, p, length);
break;
#endif /* AF_INET6 */
default:
if (!ndo->ndo_eflag)
nflog_hdr_print(ndo, hdr,
length + sizeof(nflog_hdr_t));
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
break;
}
return h_size;
}
#endif /* defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) */