Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Redo how reassembled flag is accessed in IP_Hdr, filling in a memory hole

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-07-13 19:11:31 +00:00 committed by Tim Wojtulewicz
parent aa76cb3925
commit f849f024e5
3 changed files with 12 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Frag.cc
View file

@ -295,8 +295,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
{
struct ip* reassem4 = (struct ip*) pkt_start;
reassem4->ip_len = htons(frag_size + proto_hdr_len);
reassembled_pkt = std::make_unique<IP_Hdr>(reassem4, true);
reassembled_pkt->reassembled = true;
reassembled_pkt = std::make_unique<IP_Hdr>(reassem4, true, true);
DeleteTimer();
}
@ -305,8 +304,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start;
reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40);
const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto, n);
reassembled_pkt = std::make_unique<IP_Hdr>(reassem6, true, n, chain);
reassembled_pkt->reassembled = true;
reassembled_pkt = std::make_unique<IP_Hdr>(reassem6, true, n, chain, true);
DeleteTimer();
}

18
src/IP.h
View file

@ -288,9 +288,10 @@ public:
* already checked that the header is not truncated.
* @param arg_ip4 pointer to memory containing an IPv4 packet.
* @param arg_del whether to take ownership of \a arg_ip4 pointer's memory.
* @param reassembled whether this header is for a reassembled packet.
*/
IP_Hdr(const struct ip* arg_ip4, bool arg_del)
: ip4(arg_ip4), del(arg_del)
IP_Hdr(const struct ip* arg_ip4, bool arg_del, bool reassembled=false)
: ip4(arg_ip4), del(arg_del), reassembled(reassembled)
{
}
@ -304,11 +305,12 @@ public:
* @param arg_del whether to take ownership of \a arg_ip6 pointer's memory.
* @param len the packet's length in bytes.
* @param c an already-constructed header chain to take ownership of.
* @param reassembled whether this header is for a reassembled packet.
*/
IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del, int len,
const IPv6_Hdr_Chain* c = nullptr)
const IPv6_Hdr_Chain* c = nullptr, bool reassembled=false)
: ip6(arg_ip6), ip6_hdrs(c ? c : new IPv6_Hdr_Chain(ip6, len)),
del(arg_del)
del(arg_del), reassembled(reassembled)
{
}
@ -524,16 +526,14 @@ public:
*/
RecordValPtr ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const;
/**
* Denotes whether this header is from a set of packet fragments.
*/
bool reassembled = false;
bool Reassembled() const { return reassembled; }
private:
const struct ip* ip4 = nullptr;
const struct ip6_hdr* ip6 = nullptr;
const IPv6_Hdr_Chain* ip6_hdrs = nullptr;
bool del;
bool del = false;
bool reassembled = false;
};
} // namespace zeek

2
src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc
View file

@ -100,7 +100,7 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
// If the packet is reassembled, disable packet dumping because the
// pointer math to dump the data wouldn't work.
if ( pkt->ip_hdr->reassembled )
if ( pkt->ip_hdr->Reassembled() )
pkt->dump_packet = false;
else if ( conn->RecordPackets() )
{