Cleanup Sequence Number Initialization
[dccp2tcp] / dccp2tcp.c
index 651d98bcce0965012b317e0f7e631fb516d4d6f2..b451fddda13ab16fbe96670867fd9d01eb33d00a 100644 (file)
@@ -33,7 +33,7 @@ void process_packets();
 void handle_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes);
 int convert_packet(struct packet *new, const struct const_packet* old);
 unsigned int interp_ack_vect(u_char* hdr);
-u_int32_t initialize_seq(struct host *seq, __be16 source, __be32 initial);
+u_int32_t initialize_seq(struct host *seq, __be32 initial);
 u_int32_t add_new_seq(struct host *seq, __be32 num, int size, enum dccp_pkt_type type);
 u_int32_t convert_ack(struct host *seq, __be32 num);
 int acked_packet_size(struct host *seq, __be32 num);
@@ -202,8 +202,8 @@ int convert_packet(struct packet *new, const struct const_packet* old)
                exit(1);
                return 0;
        }
-       if(old->length < sizeof(struct dccp_hdr) || new->length < sizeof(struct dccp_hdr)){
-               dbgprintf(0, "Error: Convert Packet Function given packet of wrong size!\n");
+       if(old->length < (sizeof(struct dccp_hdr) + sizeof(struct dccp_hdr_ext)) || new->length < sizeof(struct dccp_hdr)){
+               dbgprintf(0, "Error: DCCP Packet Too short!\n");
                return 0;
        }
 
@@ -225,6 +225,17 @@ int convert_packet(struct packet *new, const struct const_packet* old)
                return 0;
        }
 
+       /*Ensure packet is at least as large as DCCP header*/
+       if(old->length < dccph->dccph_doff*4){
+               dbgprintf(0, "Error: DCCP Header truncated\n");
+               return 0;
+       }
+       if(dccph->dccph_type!=DCCP_PKT_DATA &&
+                       old->length < (sizeof(struct dccp_hdr) + sizeof(struct dccp_hdr_ext) +
+                       sizeof(struct dccp_hdr_ack_bits))){
+               dbgprintf(0, "Error: DCCP Packet Too short!\n");
+       }
+
        /*determine data length*/
        datalength=old->length - dccph->dccph_doff*4;
        pd=old->data + dccph->dccph_doff*4;
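Review bot: The second added check (the `dccph_type!=DCCP_PKT_DATA` test) logs "DCCP Packet Too short!" but has no `return 0;`, so a non-Data packet too short to hold the acknowledgement sub-header still falls through to the conversion code; add `return 0;` after that `dbgprintf`. The first check also bounds `dccph_doff*4` only from above: a data offset smaller than the fixed headers still passes and leaves `pd` pointing inside the header, so rejecting `dccph->dccph_doff*4 < sizeof(struct dccp_hdr) + sizeof(struct dccp_hdr_ext)` looks worthwhile as well. How option lengths are derived from `dccph_doff` is outside this hunk, so the second point should be confirmed against the rest of `convert_packet`.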
@@ -249,7 +260,7 @@ int convert_packet(struct packet *new, const struct const_packet* old)
                                tcph->window=htons(0);
                        }
                        tcph->ack_seq=htonl(0);
-                       tcph->seq=htonl(initialize_seq(h1, dccph->dccph_sport, ntohl(dccphex->dccph_seq_low)));
+                       tcph->seq=htonl(initialize_seq(h1, ntohl(dccphex->dccph_seq_low)));
                        tcph->syn=1;
                        tcph->ack=0;
                        tcph->fin=0;
@@ -276,7 +287,7 @@ int convert_packet(struct packet *new, const struct const_packet* old)
                        if(yellow){
                                tcph->window=htons(0);
                        }
-                       tcph->seq=htonl(initialize_seq(h1, dccph->dccph_sport, ntohl(dccphex->dccph_seq_low)));
+                       tcph->seq=htonl(initialize_seq(h1, ntohl(dccphex->dccph_seq_low)));
                        tcph->syn=1;
                        tcph->ack=1;
                        tcph->fin=0;
@@ -506,7 +517,6 @@ unsigned int interp_ack_vect(u_char* hdr)
 
        /*parse options*/
        while(optlen > 0){
-               len=*(opt+1);
 
                /*One byte options (no length)*/
                if(*opt< 32){
@@ -515,6 +525,13 @@ unsigned int interp_ack_vect(u_char* hdr)
                        continue;
                }
 
+               /*Check option length*/
+               len=*(opt+1);
+               if(len > optlen){
+                       dbgprintf(0, "Warning: Option would extend into packet data\n");
+                       return additional;
+               }
+
                /*Ack Vector Option*/
                if(*opt==38 || *opt==39){
                        tmp=len-2;
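Review bot: The new length check rejects `len > optlen` but not `len < 2`, and `*(opt+1)` is read even when `optlen` is 1, which touches a byte past the option area. A multi-byte DCCP option's length counts its own type and length bytes, so 0 and 1 are malformed; with them `tmp=len-2` below goes negative or wraps depending on the types (not visible here), and if the loop advances by `len` a zero length may never terminate. Suggest `if(optlen < 2) return additional;` before the read and `if(len < 2 || len > optlen)` as the test. The same applies to the matching check added in `ack_vect2sack`, with `break` in place of the return. The loop body continues outside the hunk.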
@@ -536,7 +553,7 @@ unsigned int interp_ack_vect(u_char* hdr)
                                }
 
                                if(((*cur& 0xC0)!= 0xC0) && ((*cur& 0xC0)!= 0x00) && ((*cur& 0xC0)!= 0x40)){
-                                       dbgprintf(1, "Warning: Invalid Ack Vector!! (Linux will handle poorly!) -- %X\n", *cur);
+                                       dbgprintf(1, "Warning: Invalid Ack Vector!! (Linux will handle poorly!)\n");
                                }
                                tmp--;
                                cur++;
@@ -553,7 +570,7 @@ return additional;
 
 
 /* Setup Sequence Number Structure*/
-u_int32_t initialize_seq(struct host *seq, __be16 source, __be32 initial)
+u_int32_t initialize_seq(struct host *seq, __be32 initial)
 {
        /*set default values*/
        seq->cur=0;
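Review bot: `initial` is still declared `__be32`, yet the callers in `convert_packet` pass `ntohl(dccphex->dccph_seq_low)`, which is a host-order value. The big-endian annotation misleads readers and any sparse-style endianness checking; since the signature is being changed anyway, `u_int32_t initialize_seq(struct host *seq, u_int32_t initial)` (and the matching prototype near the top of the file) would describe what is actually passed. Whether `num` in `add_new_seq`, `convert_ack` and `acked_packet_size` is also host order is not visible here and should be checked the same way. The function body continues outside the hunk.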
@@ -587,7 +604,7 @@ u_int32_t add_new_seq(struct host *seq, __be32 num, int size, enum dccp_pkt_type
        
        if(seq->table==NULL){
                dbgprintf(1, "Warning: Connection uninitialized\n");
-               return initialize_seq(seq, 0, num);
+               return initialize_seq(seq, num);
        }
 
        /*account for missing packets*/
@@ -634,7 +651,7 @@ u_int32_t convert_ack(struct host *seq, __be32 num)
 
        if(seq->table==NULL){
                dbgprintf(1, "Warning: Connection uninitialized\n");
-               initialize_seq(seq, 0, num);
+               initialize_seq(seq, num);
        }
 
        /*loop through table looking for the DCCP ack number*/
@@ -659,7 +676,7 @@ int acked_packet_size(struct host *seq, __be32 num)
 
        if(seq->table==NULL){
                dbgprintf(1, "Warning: Connection uninitialized\n");
-               initialize_seq(seq, 0, num);
+               initialize_seq(seq, num);
        }
 
        /*loop through table looking for the DCCP ack number*/
@@ -715,7 +732,6 @@ void ack_vect2sack(struct host *seq, struct tcphdr *tcph, u_char* tcpopts, u_cha
 
        /*parse options*/
        while(optlen > 0){
-               len=*(opt+1);
 
                /*One byte options (no length)*/
                if(*opt< 32){
@@ -724,6 +740,12 @@ void ack_vect2sack(struct host *seq, struct tcphdr *tcph, u_char* tcpopts, u_cha
                        continue;
                }
 
+               len=*(opt+1);
+               if(len > optlen){
+                       dbgprintf(0, "Warning: Option would extend into packet data\n");
+                       break;
+               }
+
                /*Ack Vector Option*/
                if(*opt==38 || *opt==39){
                        tmp=len-2;