From f0dfe5355b620fe3b29ecb00c234cdc5559175fc Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 14 Oct 2019 10:17:37 -0700
Subject: [PATCH] Sniffer for IPv6
1. Better length checking on the IPv6 extension headers.
2. Removed the default size update analogous to the IPv4 header check function. It cannot ever be 0, so the update was unnecessary.
---
 src/sniffer.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 2754dcade..bad212021 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1642,7 +1642,7 @@ int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
 static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 {
 int version = IP_V(iphdr);
- int exthdrsz = 0;
+ int exthdrsz = IP6_HDR_SZ;
 TraceIP6(iphdr);
 Trace(IP_CHECK_STR);
@@ -1657,6 +1657,10 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 Ip6ExtHdr* exthdr = (Ip6ExtHdr*)((byte*)iphdr + IP6_HDR_SZ);
 do {
 int hdrsz = (exthdr->length + 1) * 8;
+ if (hdrsz > length - exthdrsz) {
+ SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
+ return -1;
+ }
 exthdrsz += hdrsz;
 exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz);
 }
@@ -1671,7 +1675,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 }
 #endif
- info->length = IP6_HDR_SZ + exthdrsz;
+ info->length = exthdrsz;
 info->total = ntohs(iphdr->length) + info->length;
 /* IPv6 doesn't include its own header size in the length like v4. */
 info->src.version = IPV6;
@@ -1679,11 +1683,6 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
 info->dst.version = IPV6;
 XMEMCPY(info->dst.ip6, iphdr->dst, sizeof(info->dst.ip6));
- /* This needs to massage the length and size to match what the sniffer
- * expects. IPv4 and IPv6 treat the length parameter differently. */
- if (info->total == 0)
- info->total = length; /* reassembled may be off */
-
 return 0;
 }
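Review bot: In the extension-header loop (second hunk), `exthdr->length` is read before anything confirms that the header's own leading bytes lie inside `length`, and the added test `hdrsz > length - exthdrsz` still accepts a header that ends exactly at the end of the buffer. On the first pass a packet of exactly IP6_HDR_SZ bytes with a non-TCP next_header is therefore dereferenced before it is rejected. After an exact fit the advanced `exthdr` points one past the captured data, and the loop condition that presumably reads it next sits below this hunk. A guard ahead of the `hdrsz` computation, such as `if (length - exthdrsz < (int)sizeof(Ip6ExtHdr)) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); return -1; }`, would cover both cases, assuming Ip6ExtHdr is no larger than the 8-byte minimum extension header.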
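Review bot: In the third hunk, `info->total = ntohs(iphdr->length) + info->length;` counts extension-header bytes twice whenever any are present. The IPv6 payload length field already includes extension headers (RFC 8200), and `info->length` is IP6_HDR_SZ plus those same headers, so `info->total = ntohs(iphdr->length) + IP6_HDR_SZ;` looks like the intended value. The payload length also comes straight from the packet, and with the fallback removed in the last hunk nothing visible in this function compares `info->total` with the captured `length`. If callers do not already do so, a check that rejects `info->total > length` belongs here, unless reassembled input is expected to differ. The function starts and ends outside this hunk, so the caller-side handling is not confirmed.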