Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Redo how reassembled flag is accessed in IP_Hdr, filling in a memory hole

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-07-13 19:11:31 +00:00 committed by Tim Wojtulewicz
parent aa76cb3925
commit f849f024e5
3 changed files with 12 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Frag.cc
View file

@ -295,8 +295,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
{ {
struct ip* reassem4 = (struct ip*) pkt_start; struct ip* reassem4 = (struct ip*) pkt_start;
reassem4->ip_len = htons(frag_size + proto_hdr_len); reassem4->ip_len = htons(frag_size + proto_hdr_len);
reassembled_pkt = std::make_unique<IP_Hdr>(reassem4, true); reassembled_pkt = std::make_unique<IP_Hdr>(reassem4, true, true);
reassembled_pkt->reassembled = true;
DeleteTimer(); DeleteTimer();
} }
@ -305,8 +304,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start; struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start;
reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40); reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40);
const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto, n); const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto, n);
reassembled_pkt = std::make_unique<IP_Hdr>(reassem6, true, n, chain); reassembled_pkt = std::make_unique<IP_Hdr>(reassem6, true, n, chain, true);
reassembled_pkt->reassembled = true;
DeleteTimer(); DeleteTimer();
} }

18
src/IP.h
View file

@ -288,9 +288,10 @@ public:
* already checked that the header is not truncated. * already checked that the header is not truncated.
* @param arg_ip4 pointer to memory containing an IPv4 packet. * @param arg_ip4 pointer to memory containing an IPv4 packet.
* @param arg_del whether to take ownership of \a arg_ip4 pointer's memory. * @param arg_del whether to take ownership of \a arg_ip4 pointer's memory.
* @param reassembled whether this header is for a reassembled packet.
*/ */
IP_Hdr(const struct ip* arg_ip4, bool arg_del) IP_Hdr(const struct ip* arg_ip4, bool arg_del, bool reassembled=false)
: ip4(arg_ip4), del(arg_del) : ip4(arg_ip4), del(arg_del), reassembled(reassembled)
{ {
} }
@ -304,11 +305,12 @@ public:
* @param arg_del whether to take ownership of \a arg_ip6 pointer's memory. * @param arg_del whether to take ownership of \a arg_ip6 pointer's memory.
* @param len the packet's length in bytes. * @param len the packet's length in bytes.
* @param c an already-constructed header chain to take ownership of. * @param c an already-constructed header chain to take ownership of.
* @param reassembled whether this header is for a reassembled packet.
*/ */
IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del, int len, IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del, int len,
const IPv6_Hdr_Chain* c = nullptr) const IPv6_Hdr_Chain* c = nullptr, bool reassembled=false)
: ip6(arg_ip6), ip6_hdrs(c ? c : new IPv6_Hdr_Chain(ip6, len)), : ip6(arg_ip6), ip6_hdrs(c ? c : new IPv6_Hdr_Chain(ip6, len)),
del(arg_del) del(arg_del), reassembled(reassembled)
{ {
} }
@ -524,16 +526,14 @@ public:
*/ */
RecordValPtr ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const; RecordValPtr ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const;
/** bool Reassembled() const { return reassembled; }
* Denotes whether this header is from a set of packet fragments.
*/
bool reassembled = false;
private: private:
const struct ip* ip4 = nullptr; const struct ip* ip4 = nullptr;
const struct ip6_hdr* ip6 = nullptr; const struct ip6_hdr* ip6 = nullptr;
const IPv6_Hdr_Chain* ip6_hdrs = nullptr; const IPv6_Hdr_Chain* ip6_hdrs = nullptr;
bool del; bool del = false;
bool reassembled = false;
}; };
} // namespace zeek } // namespace zeek

2
src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
View file

@ -100,7 +100,7 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
// If the packet is reassembled, disable packet dumping because the // If the packet is reassembled, disable packet dumping because the
// pointer math to dump the data wouldn't work. // pointer math to dump the data wouldn't work.
if ( pkt->ip_hdr->reassembled ) if ( pkt->ip_hdr->Reassembled() )
pkt->dump_packet = false; pkt->dump_packet = false;
else if ( conn->RecordPackets() ) else if ( conn->RecordPackets() )
{ {