#include "netdissect.h"
#include "extract.h"
+#include "diag-control.h"
+
#ifdef HAVE_LIBCRYPTO
#include "strtoaddr.h"
#include "ascii_strcasecmp.h"
* we can't decrypt on top of the input buffer.
*/
ptlen = ctlen;
- pt = (u_char *)malloc(ptlen);
+ pt = (u_char *)calloc(1, ptlen);
if (pt == NULL) {
EVP_CIPHER_CTX_free(ctx);
(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
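Review bot: The switch to `calloc(1, ptlen)` carries no comment saying why the decryption buffer must be zeroed, so a later cleanup could quietly turn it back into `malloc`. Presumably the intent is that any bytes the cipher does not write are zero rather than stale heap contents when the buffer is later dissected and printed. A comment above the allocation such as `/* zero-fill: bytes the cipher does not write must not be stale heap data */` would record that. Separately, `ptlen` is `ctlen`, and for a zero length `calloc` may return NULL, which this branch would report as an allocation failure; whether a zero `ctlen` can reach this point is not visible in the hunk. The enclosing function starts and ends outside the hunk.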
* dissecting anything in it and before it does any dissection of
* anything in the old buffer. That will free the new buffer.
*/
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo,
int initiator,
const u_char spii[8],
if(end <= ct) return 0;
- pt = do_decrypt(ndo, "esp_decrypt_buffer_by_ikev2_print", sa, iv,
+ pt = do_decrypt(ndo, __func__, sa, iv,
ct, ctlen);
if (pt == NULL)
return 0;
* on the buffer stack so it can be freed; our caller must
* pop it when done.
*/
- if (!nd_push_buffer(ndo, pt, pt, pt + ctlen)) {
+ if (!nd_push_buffer(ndo, pt, pt, ctlen)) {
free(pt);
- return 0;
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push buffer on buffer stack", __func__);
}
return 1;
}
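Review bot: With `return 0;` removed, the `nd_push_buffer` failure branch frees `pt` and then reaches `return 1` unless the `ndo_error` call never returns. That is presumably the contract, since the matching branch in `esp_print` has the same shape, but nothing visible in the hunk states it. A comment after the call such as `/* ndo_error does not return */` would make the reliance explicit, once the declaration is confirmed to be marked noreturn. The new `nd_push_snaplen` failure branch in `esp_print` depends on the same property, because it would otherwise continue into `ip_demux_print`. The function body starts outside the hunk.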
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
static void esp_print_addsa(netdissect_options *ndo,
- struct sa_list *sa, int sa_def)
+ const struct sa_list *sa, int sa_def)
{
/* copy the "sa" */
/*
* returns size of binary, 0 on failure.
*/
-static
-int espprint_decode_hex(netdissect_options *ndo,
- u_char *binbuf, unsigned int binbuf_len,
- char *hex)
+static int
+espprint_decode_hex(netdissect_options *ndo,
+ u_char *binbuf, unsigned int binbuf_len, char *hex)
{
unsigned int len;
int i;
* decode the form: SPINUM@IP <tab> ALGONAME:0xsecret
*/
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static int
espprint_decode_encalgo(netdissect_options *ndo,
char *decode, struct sa_list *sa)
return 1;
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
/*
* for the moment, ignore the auth algorithm, just hard code the authenticator
esp_print_addsa(ndo, &sa1, sa_def);
}
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static void esp_init(netdissect_options *ndo _U_)
{
/*
#endif
EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
void esp_decodesecret_print(netdissect_options *ndo)
{
#endif
#ifdef HAVE_LIBCRYPTO
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
#endif
void
esp_print(netdissect_options *ndo,
ND_PRINT(", length %u", length);
#ifdef HAVE_LIBCRYPTO
- /* initiailize SAs */
+ /* initialize SAs */
if (ndo->ndo_sa_list_head == NULL) {
if (!ndo->ndo_espsecret)
return;
return;
}
- pt = do_decrypt(ndo, "esp_print", sa, iv, ct, payloadlen);
+ pt = do_decrypt(ndo, __func__, sa, iv, ct, payloadlen);
if (pt == NULL)
return;
* Switch to the output buffer for dissection, and
* save it on the buffer stack so it can be freed.
*/
- ep = pt + payloadlen;
- if (!nd_push_buffer(ndo, pt, pt, ep)) {
+ if (!nd_push_buffer(ndo, pt, pt, payloadlen)) {
free(pt);
(*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
"%s: can't push buffer on buffer stack", __func__);
* it was not decrypted with the correct key, so that the
* "plaintext" is not what was being sent.
*/
- padlen = GET_U_1(ep - 2);
+ padlen = GET_U_1(pt + payloadlen - 2);
if (padlen + 2 > payloadlen) {
nd_print_trunc(ndo);
return;
}
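Review bot: The read `GET_U_1(pt + payloadlen - 2)` runs before the only length check visible here, `padlen + 2 > payloadlen`, so for a `payloadlen` of 0 or 1 the address computed is below `pt`. If no earlier check outside this hunk guarantees at least two bytes of decrypted payload, one is needed ahead of the read, for example `if (payloadlen < 2) { nd_print_trunc(ndo); return; }`. The next-header read `GET_U_1(pt + payloadlen - 1)` just below relies on the same guarantee. `esp_print` begins and ends outside the hunk, so the earlier validation of `payloadlen` should be confirmed there.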
/* Get the next header */
- nh = GET_U_1(ep - 1);
+ nh = GET_U_1(pt + payloadlen - 1);
ND_PRINT(": ");
* Don't put padding + padding length(1 byte) + next header(1 byte)
* in the buffer because they are not part of the plaintext to decode.
*/
- nd_push_snapend(ndo, ep - (padlen + 2));
+ if (!nd_push_snaplen(ndo, pt, payloadlen - (padlen + 2))) {
+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
+ "%s: can't push snaplen on buffer stack", __func__);
+ }
/* Now dissect the plaintext. */
ip_demux_print(ndo, pt, payloadlen - (padlen + 2), ver, fragmented,
/* Pop the buffer, freeing it. */
nd_pop_packet_info(ndo);
- /* Pop the nd_push_snapend */
+ /* Pop the nd_push_snaplen */
nd_pop_packet_info(ndo);
#endif
}
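Review bot: The two pop comments appear to be in push order rather than pop order. The buffer is pushed first and the snaplen second, so if the packet-info stack is last-in-first-out, the first `nd_pop_packet_info` undoes `nd_push_snaplen` and the second one frees the decrypted buffer. Swapping the comments, so that `/* Pop the nd_push_snaplen */` sits on the first call and `/* Pop the buffer, freeing it. */` on the second, would describe which call releases `pt`. This matters to anyone auditing the buffer's lifetime.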
#ifdef HAVE_LIBCRYPTO
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
#endif