X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/f5ad5cff18d246d1f77f21f532ae921d776c5248..refs/heads/tcpdump-3.9:/print-tcp.c diff --git a/print-tcp.c b/print-tcp.c index d3462063..9b6c2a2f 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -2,6 +2,8 @@ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * + * Copyright (c) 1999-2004 The tcpdump.org project + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) @@ -21,7 +23,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.115 2004-05-27 21:20:50 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/tcpdump/print-tcp.c,v 1.120.2.3 2005-10-16 06:05:46 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -30,8 +32,6 @@ static const char rcsid[] _U_ = #include -#include - #include #include #include @@ -47,12 +47,18 @@ static const char rcsid[] _U_ = #include "ip6.h" #endif #include "ipproto.h" +#include "rpc_auth.h" +#include "rpc_msg.h" #include "nameser.h" #ifdef HAVE_LIBCRYPTO #include +#define SIGNATURE_VALID 0 +#define SIGNATURE_INVALID 1 +#define CANT_CHECK_SIGNATURE 2 + static int tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, const u_char *data, int length, const u_char *rcvsig); #endif @@ -219,17 +225,18 @@ tcp_print(register const u_char *bp, register u_int length, hlen = TH_OFF(tp) * 4; /* - * If data present and NFS port used, assume NFS. + * If data present, header length valid, and NFS port used, + * assume NFS. * Pass offset of data plus 4 bytes for RPC TCP msg length * to NFS print routines. */ - if (!qflag) { - if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend && + if (!qflag && hlen >= sizeof(*tp) && hlen <= length) { + if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend && dport == NFS_PORT) { nfsreq_print((u_char *)tp + hlen + 4, length - hlen, (u_char *)ip); return; - } else if ((u_char *)tp + 4 + sizeof(struct rpc_msg) + } else if ((u_char *)tp + 4 + sizeof(struct sunrpc_msg) <= snapend && sport == NFS_PORT) { nfsreply_print((u_char *)tp + hlen + 4, length - hlen, @@ -264,6 +271,12 @@ tcp_print(register const u_char *bp, register u_int length, } } + if (hlen < sizeof(*tp)) { + (void)printf(" tcp %d [bad hdr length %u - too short, < %lu]", + length - hlen, hlen, (unsigned long)sizeof(*tp)); + return; + } + TCHECK(*tp); seq = EXTRACT_32BITS(&tp->th_seq); @@ -272,7 +285,11 @@ tcp_print(register const u_char *bp, register u_int length, urp = EXTRACT_16BITS(&tp->th_urp); if (qflag) { - (void)printf("tcp %d", length - TH_OFF(tp) * 4); + (void)printf("tcp %d", length - hlen); + if (hlen > length) { + (void)printf(" [bad hdr length %u - too long, > %u]", + hlen, length); + } return; } if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH| @@ -398,7 +415,8 @@ tcp_print(register const u_char *bp, register u_int length, thseq = thack = threv = 0; } if (hlen > length) { - (void)printf(" [bad hdr length]"); + (void)printf(" [bad hdr length %u - too long, > %u]", + hlen, length); return; } @@ -502,14 +520,13 @@ tcp_print(register const u_char *bp, register u_int length, break; case TCPOPT_SACK: - (void)printf("sack"); datalen = len - 2; if (datalen % 8 != 0) { - (void)printf(" malformed sack "); + (void)printf("malformed sack"); } else { u_int32_t s, e; - (void)printf(" sack %d ", datalen / 8); + (void)printf("sack %d ", datalen / 8); for (i = 0; i < datalen; i += 8) { LENCHECK(i + 4); s = EXTRACT_32BITS(cp + i); @@ -524,7 +541,6 @@ tcp_print(register const u_char *bp, register u_int length, } (void)printf("{%u:%u}", s, e); } - (void)printf(" "); } break; @@ -577,11 +593,23 @@ tcp_print(register const u_char *bp, register u_int length, datalen = TCP_SIGLEN; LENCHECK(datalen); #ifdef HAVE_LIBCRYPTO - if (tcp_verify_signature(ip, tp, - bp + TH_OFF(tp) * 4, length, cp) == 0) + switch (tcp_verify_signature(ip, tp, + bp + TH_OFF(tp) * 4, length, cp)) { + + case SIGNATURE_VALID: (void)printf("valid"); - else + break; + + case SIGNATURE_INVALID: (void)printf("invalid"); + break; + + case CANT_CHECK_SIGNATURE: + (void)printf("can't check - "); + for (i = 0; i < TCP_SIGLEN; ++i) + (void)printf("%02x", cp[i]); + break; + } #else for (i = 0; i < TCP_SIGLEN; ++i) (void)printf("%02x", cp[i]); @@ -708,18 +736,20 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, const u_char *data, int length, const u_char *rcvsig) { struct tcphdr tp1; - char sig[TCP_SIGLEN]; + u_char sig[TCP_SIGLEN]; char zero_proto = 0; MD5_CTX ctx; u_int16_t savecsum, tlen; +#ifdef INET6 struct ip6_hdr *ip6; +#endif u_int32_t len32; u_int8_t nxt; tp1 = *tp; if (tcpmd5secret == NULL) - return (-1); + return (CANT_CHECK_SIGNATURE); MD5_Init(&ctx); /* @@ -733,6 +763,7 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, tlen = EXTRACT_16BITS(&ip->ip_len) - IP_HL(ip) * 4; tlen = htons(tlen); MD5_Update(&ctx, (char *)&tlen, sizeof(tlen)); +#ifdef INET6 } else if (IP_V(ip) == 6) { ip6 = (struct ip6_hdr *)ip; MD5_Update(&ctx, (char *)&ip6->ip6_src, sizeof(ip6->ip6_src)); @@ -745,8 +776,9 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); nxt = IPPROTO_TCP; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); +#endif } else - return (-1); + return (CANT_CHECK_SIGNATURE); /* * Step 2: Update MD5 hash with TCP header, excluding options. @@ -767,6 +799,9 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret)); MD5_Final(sig, &ctx); - return (memcmp(rcvsig, sig, 16)); + if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) + return (SIGNATURE_VALID); + else + return (SIGNATURE_INVALID); } #endif /* HAVE_LIBCRYPTO */