
(-)src.orig/lc.c (-3 / +3 lines)
Lines 190-196 Link Here
190
				break;
190
				break;
191
			case 'h':
191
			case 'h':
192
				if(sniff_file[0]=='-' &&
192
				if(sniff_file[0]=='-' &&
193
				   sniff_file[1]==0)    (void *)sniff.dump = stdout;
193
				   sniff_file[1]==0)    sniff.dump = stdout;
194
				else sniff.dump = (void *)fopen(sniff_file, "w");
194
				else sniff.dump = (void *)fopen(sniff_file, "w");
195
				if(!sniff.dump){
195
				if(!sniff.dump){
196
					fprintf(stderr, "Couldn't open file: %s\n", sniff.dump);
196
					fprintf(stderr, "Couldn't open file: %s\n", sniff.dump);
Lines 223-229 Link Here
223
				break;
223
				break;
224
			case 'h':
224
			case 'h':
225
				if(spoof_file[0]=='-' &&
225
				if(spoof_file[0]=='-' &&
226
				   spoof_file[1]==0)    (void *)spoof.pcap = stdin;
226
				   spoof_file[1]==0)    spoof.pcap = stdin;
227
				else spoof.pcap = (void *)fopen(spoof_file, "r");
227
				else spoof.pcap = (void *)fopen(spoof_file, "r");
228
				if(!spoof.pcap){
228
				if(!spoof.pcap){
229
					fprintf(stderr, "Couldn't open file: %s\n", spoof.pcap);
229
					fprintf(stderr, "Couldn't open file: %s\n", spoof.pcap);
Lines 244-250 Link Here
244
		i=1;
244
		i=1;
245
		if(!pid){
245
		if(!pid){
246
			if(sniff_packets){
246
			if(sniff_packets){
247
			   (void *)sniff.packet = pcap_next(sniff.pcap, &(sniff.pkthdr));
247
			   sniff.packet = pcap_next(sniff.pcap, &(sniff.pkthdr));
248
			   if(!sniff.packet) continue; /* network has "infinite packets, but there's blocking */
248
			   if(!sniff.packet) continue; /* network has "infinite packets, but there's blocking */
249
			   if(trailer_sniff){
249
			   if(trailer_sniff){
250
			      pk_hmac(buf, sniff_key, sniff.packet, sniff.pkthdr.caplen-21);
250
			      pk_hmac(buf, sniff_key, sniff.packet, sniff.pkthdr.caplen-21);
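Review bot: In the hunk at lines 244-250, `sniff.pkthdr.caplen-21` is passed to pk_hmac with no check that the captured frame is at least 21 bytes long. `caplen` is an unsigned field of libpcap's `struct pcap_pkthdr`, so a shorter capture wraps to a very large length. A guard such as `if(sniff.pkthdr.caplen < 21) continue;` before the call would cover it, assuming 21 is the trailer size pk_hmac expects (its definition is not visible here). Separately, both `case 'h'` hunks print the handle that just failed to open with `%s` (`sniff.dump`, `spoof.pcap`), which is a null pointer in that branch; the messages should print `sniff_file` and `spoof_file` instead. The enclosing switch and loop start and end outside these hunks.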
(-)src.orig/minewt.c (-1 / +1 lines)
Lines 599-605 Link Here
599
				/* XXX very probable security hole lives here -- we must validate length, at minimum*/				 
599
				/* XXX very probable security hole lives here -- we must validate length, at minimum*/				 
600
				if(stateless_ipt   && 
600
				if(stateless_ipt   && 
601
				   (x.ip->ip_hl*4) != LIBNET_IP_H){ 
601
				   (x.ip->ip_hl*4) != LIBNET_IP_H){ 
602
				   	(char *)packet_state = (char *)x.ip + LIBNET_IP_H + 4; 
602
				   	packet_state = (char *)x.ip + LIBNET_IP_H + 4; 
603
				   } 
603
				   } 
604
				 
604
				 
605
				if(packet_state || (packet_state = find_entry(packet_key)))	
605
				if(packet_state || (packet_state = find_entry(packet_key)))	
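Review bot: The pointer assigned at line 602 still points into the options area of a received IP packet without the length validation that the XXX comment at line 599 asks for. The test `(x.ip->ip_hl*4) != LIBNET_IP_H` is also true for a header length below 20 bytes, and nothing in the hunk checks that the capture extends to `LIBNET_IP_H + 4` plus the size that packet_state is later read as. I would change the test to `x.ip->ip_hl*4 >= LIBNET_IP_H + 4 + <state size>` and compare the same bound against the captured length before line 605 uses the pointer. The state size and the length variable are defined outside this hunk, as is the rest of the enclosing block.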
(-)src.orig/paketto.c (-9 / +9 lines)
Lines 109-115 Link Here
109
      if(datalink != DLT_EN10MB) return(0); /* validate is our ethernet */
109
      if(datalink != DLT_EN10MB) return(0); /* validate is our ethernet */
110
      if(length < LIBNET_ETH_H) return(0);  /* validate can be ethernet */
110
      if(length < LIBNET_ETH_H) return(0);  /* validate can be ethernet */
111
      
111
      
112
      (char *)x->eth = (char *)packet;
112
      x->eth = (char *)packet;
113
      l2_offset=LIBNET_ETH_H;
113
      l2_offset=LIBNET_ETH_H;
114
      ok += l2_offset;
114
      ok += l2_offset;
115
      	  
115
      	  
Lines 118-124 Link Here
118
      	case ETHERTYPE_ARP:
118
      	case ETHERTYPE_ARP:
119
   		if(length < LIBNET_ETH_H + LIBNET_ARP_H)
119
   		if(length < LIBNET_ETH_H + LIBNET_ARP_H)
120
   		   return(0);
120
   		   return(0);
121
      		(char *)x->arp = (char *)x->eth + LIBNET_ETH_H;
121
      		x->arp = (char *)x->eth + LIBNET_ETH_H;
122
      		ok+=LIBNET_ARP_H;
122
      		ok+=LIBNET_ARP_H;
123
      		return(ok);
123
      		return(ok);
124
      		break;
124
      		break;
Lines 133-140 Link Here
133
   if(length < l2_offset + LIBNET_IP_H)  /* Could we be IP? */
133
   if(length < l2_offset + LIBNET_IP_H)  /* Could we be IP? */
134
      return(0);
134
      return(0);
135
   ok+=LIBNET_IP_H;
135
   ok+=LIBNET_IP_H;
136
   if(x->eth) (char *)x->ip  = (char *)x->eth + l2_offset;
136
   if(x->eth) x->ip  = (char *)x->eth + l2_offset;
137
   else       (char *)x->ip  = (char *)packet;
137
   else       x->ip  = (char *)packet;
138
   
138
   
139
   if(x->ip->ip_off != 0 && x->ip->ip_off != ntohs(16384)) return(0); 
139
   if(x->ip->ip_off != 0 && x->ip->ip_off != ntohs(16384)) return(0); 
140
   if(x->ip->ip_v   != 4) return(0);
140
   if(x->ip->ip_v   != 4) return(0);
Lines 164-182 Link Here
164
	         return(0);
164
	         return(0);
165
	      ok+=LIBNET_TCP_H;
165
	      ok+=LIBNET_TCP_H;
166
	   }
166
	   }
167
   	   (char *)x->tcp = (char *)x->ip + ((int)x->ip->ip_hl*4);
167
   	   x->tcp = (char *)x->ip + ((int)x->ip->ip_hl*4);
168
   	   break;
168
   	   break;
169
   	case IPPROTO_UDP:
169
   	case IPPROTO_UDP:
170
	   if(length < l2_offset + (int)x->ip->ip_hl*4 + LIBNET_UDP_H)
170
	   if(length < l2_offset + (int)x->ip->ip_hl*4 + LIBNET_UDP_H)
171
	      return(0);
171
	      return(0);
172
	   ok+=LIBNET_UDP_H;
172
	   ok+=LIBNET_UDP_H;
173
   	   (char *)x->udp = (char *)x->ip + ((int)x->ip->ip_hl*4);
173
   	   x->udp = (char *)x->ip + ((int)x->ip->ip_hl*4);
174
   	   break;
174
   	   break;
175
   	case IPPROTO_ICMP:
175
   	case IPPROTO_ICMP:
176
	   if(length < l2_offset + (int)x->ip->ip_hl*4 + 8)
176
	   if(length < l2_offset + (int)x->ip->ip_hl*4 + 8)
177
	        return(0);
177
	        return(0);
178
	   ok+=LIBNET_ICMP_H;
178
	   ok+=LIBNET_ICMP_H;
179
   	   (char *)x->icmp= (char *)x->ip + ((int)x->ip->ip_hl*4);
179
   	   x->icmp= (char *)x->ip + ((int)x->ip->ip_hl*4);
180
   	   break;   	   
180
   	   break;   	   
181
   	default:
181
   	default:
182
	   return(0);  	        
182
	   return(0);  	        
Lines 317-323 Link Here
317
	char buf[MX_B], buf2[MX_B];
317
	char buf[MX_B], buf2[MX_B];
318
	struct frame x;
318
	struct frame x;
319
319
320
	(char *)x.ip = 	target;	
320
	x.ip = 	target;	
321
        snprintf(buf, sizeof(buf),   "%s", inet_ntoa(x.ip->ip_src));
321
        snprintf(buf, sizeof(buf),   "%s", inet_ntoa(x.ip->ip_src));
322
        snprintf(buf2, sizeof(buf2), "%s", inet_ntoa(x.ip->ip_dst));
322
        snprintf(buf2, sizeof(buf2), "%s", inet_ntoa(x.ip->ip_dst));
323
     	fprintf(stderr, " IP: i=%s->%s v=%hu hl=%hu s=%hu id=%i o=%hu ttl=%hu pay=%u\n",
323
     	fprintf(stderr, " IP: i=%s->%s v=%hu hl=%hu s=%hu id=%i o=%hu ttl=%hu pay=%u\n",
Lines 334-340 Link Here
334
	char tmp = '\n';
334
	char tmp = '\n';
335
335
336
	if(!short_tcp)tmp=' ';	
336
	if(!short_tcp)tmp=' ';	
337
	(char *)x.tcp = target;	
337
	x.tcp = target;	
338
	fprintf(stderr, "TCP: p=%u->%u, s/a=%u%c",
338
	fprintf(stderr, "TCP: p=%u->%u, s/a=%u%c",
339
	ntohs(x.tcp->th_sport), ntohs(x.tcp->th_dport), ntohl(x.tcp->th_seq),tmp);
339
	ntohs(x.tcp->th_sport), ntohs(x.tcp->th_dport), ntohl(x.tcp->th_seq),tmp);
340
	if(!short_tcp) fprintf(stderr, "-> %u o=%hu f=%hu w=%u u=%u optl=%i\n",
340
	if(!short_tcp) fprintf(stderr, "-> %u o=%hu f=%hu w=%u u=%u optl=%i\n",
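Review bot: The converted assignments keep a `(char *)` cast on the right-hand side (for example `x->eth = (char *)packet;` at line 112 and `x->tcp = (char *)x->ip + ((int)x->ip->ip_hl*4);` at line 167), while the removed lvalue casts suggest the members are not `char *`. If they are typed header pointers, each line is an incompatible-pointer assignment that compilers warn about and newer ones reject. Casting the result through `void *` keeps the byte arithmetic and converts cleanly, e.g. `x->eth = (void *)packet;` and `x->tcp = (void *)((char *)x->ip + ((int)x->ip->ip_hl*4));`. The same applies to the converted lines in minewt.c (line 602) and scanutil.c (lines 13-14, 42-43, 264 and 279). The member declarations are not visible on this page, so confirm against `struct frame`.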
(-)src.orig/scanutil.c (-6 / +6 lines)
Lines 10-17 Link Here
10
   u_char syncookie[20];
10
   u_char syncookie[20];
11
   long synbits;
11
   long synbits;
12
   
12
   
13
   (char *)ip  = (char *)ipp;
13
   ip  = (char *)ipp;
14
   (char *)tcp = (char *)ip + (int)ip->ip_hl*4;
14
   tcp = (char *)ip + (int)ip->ip_hl*4;
15
15
16
16
17
    bzero(buf, sizeof(buf));
17
    bzero(buf, sizeof(buf));
Lines 39-46 Link Here
39
   u_char syncookie[20];
39
   u_char syncookie[20];
40
   long synbits;
40
   long synbits;
41
41
42
   (char *)ip  = (char *)ipp;
42
   ip  = (char *)ipp;
43
   (char *)tcp = (char *)ip + (int)ip->ip_hl*4;
43
   tcp = (char *)ip + (int)ip->ip_hl*4;
44
44
45
   bzero(buf, sizeof(buf));
45
   bzero(buf, sizeof(buf));
46
   memcpy(buf,   &ip->ip_dst, 4);   
46
   memcpy(buf,   &ip->ip_dst, 4);   
Lines 261-267 Link Here
261
                         0,             /*how much crap*/
261
                         0,             /*how much crap*/
262
                         (char *)x->eth);
262
                         (char *)x->eth);
263
 
263
 
264
   (char *)x->ip = (char *)x->eth + LIBNET_ETH_H;
264
   x->ip = (char *)x->eth + LIBNET_ETH_H;
265
   
265
   
266
   libnet_build_ip(LIBNET_TCP_H,
266
   libnet_build_ip(LIBNET_TCP_H,
267
                0, // tos
267
                0, // tos
Lines 276-282 Link Here
276
                (char *)x->ip);
276
                (char *)x->ip);
277
   
277
   
278
   x->ip->ip_off = 64; /* set DF flag */
278
   x->ip->ip_off = 64; /* set DF flag */
279
   (char *)x->tcp = (char *)x->ip + (int)x->ip->ip_hl*4;
279
   x->tcp = (char *)x->ip + (int)x->ip->ip_hl*4;
280
   
280
   
281
   libnet_build_tcp(12345, // source port
281
   libnet_build_tcp(12345, // source port
282
                 139,  // dest port
282
                 139,  // dest port
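Review bot: At line 278, `x->ip->ip_off = 64; /* set DF flag */` sets DF only on a little-endian host; on a big-endian host the same store yields a fragment offset of 64 with DF clear. `x->ip->ip_off = htons(IP_DF);` says what the comment means and is byte-order independent. In the hunks at lines 10-17 and 39-46, `ip->ip_hl` is used to locate the TCP header with no visible lower or upper bound check. If `ipp` can come from a received packet, the callers need to have validated it, which cannot be confirmed here because the function bodies extend outside the hunks.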
