/* * netsniff-ng - the packet sniffing beast * Copyright 2012 Markus Amend , Deutsche Flugsicherung GmbH * Subject to the GPL, version 2. * * IP Authentication Header described in RFC4302 */ #include #include #include /* for ntohs() */ #include "proto.h" #include "dissector_eth.h" #include "built_in.h" #include "pkt_buff.h" struct auth_hdr { uint8_t h_next_header; uint8_t h_payload_len; uint16_t h_reserved; uint32_t h_spi; uint32_t h_snf; } __packed; static void auth_hdr(struct pkt_buff *pkt) { size_t i, hdr_len; struct auth_hdr *auth_ops; auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops)); if (auth_ops == NULL) return; hdr_len = (auth_ops->h_payload_len * 4) + 8; tprintf(" [ Authentication Header "); tprintf("NextHdr (%u), ", auth_ops->h_next_header); if (hdr_len > pkt_len(pkt)) { tprintf("HdrLen (%u, %zd Bytes %s), ", auth_ops->h_payload_len, hdr_len, colorize_start_full(black, red) "invalid" colorize_end()); return; } tprintf("HdrLen (%u, %zd Bytes), ",auth_ops->h_payload_len, hdr_len); tprintf("Reserved (0x%x), ", ntohs(auth_ops->h_reserved)); /* TODO * Upgrade for Extended (64-bit) Sequence Number * http://tools.ietf.org/html/rfc4302#section-2.5.1 */ tprintf("SPI (0x%x), ", ntohl(auth_ops->h_spi)); tprintf("SNF (0x%x), ", ntohl(auth_ops->h_snf)); tprintf("ICV 0x"); for (i = sizeof(struct auth_hdr); i < hdr_len; i++) { uint8_t *data = pkt_pull(pkt, 1); if (data == NULL) { tprintf("%sinvalid%s", colorize_start_full(black, red), colorize_end()); break; } tprintf("%02x", *data); } tprintf(" ]\n"); pkt_set_dissector(pkt, ð_lay3, auth_ops->h_next_header); } static void auth_hdr_less(struct pkt_buff *pkt) { ssize_t hdr_len; struct auth_hdr *auth_ops; auth_ops = (struct auth_hdr *) pkt_pull(pkt, sizeof(*auth_ops)); if (auth_ops == NULL) return; hdr_len = (auth_ops->h_payload_len * 4) + 8; if (hdr_len > pkt_len(pkt) || hdr_len < 0) return; tprintf(" AH"); pkt_pull(pkt, hdr_len - sizeof(*auth_ops)); pkt_set_dissector(pkt, ð_lay3, auth_ops->h_next_header); } struct protocol ip_auth_ops = { .key = 0x33, .print_full = auth_hdr, .print_less = auth_hdr_less, }; n>
diff options
context:
space:
mode:
authorSven Eckelmann <sven@narfation.org>2016-06-30 20:11:34 +0200
committerSimon Wunderlich <sw@simonwunderlich.de>2016-07-05 12:43:52 +0200
commit15c2ed753cd9e3e746472deab8151337a5b6da56 (patch)
treeb078f6d4b1f139c456e2643461dc24699a5b92b3
parent3db0decf1185357d6ab2256d0dede1ca9efda03d (diff)
batman-adv: Fix reference leak in batadv_find_router
The replacement of last_bonding_candidate in batadv_orig_node has to be an atomic operation. Otherwise it is possible that the reference counter of a batadv_orig_ifinfo is reduced which was no longer the last_bonding_candidate when the new candidate is added. This can either lead to an invalid memory access or to reference leaks which make it impossible to an interface which was added to batman-adv. Fixes: f3b3d9018975 ("batman-adv: add bonding again") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Diffstat