mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Add length checking to ToRawPktHdrVal for truncated packets
parent
64f84aba34
commit
fc78b14cd7
3 changed files with 34 additions and 2 deletions
|
@ -117,8 +117,18 @@ RecordValPtr Packet::ToRawPktHdrVal() const
|
||||||
// Ethernet header layout is:
|
// Ethernet header layout is:
|
||||||
// dst[6bytes] src[6bytes] ethertype[2bytes]...
|
// dst[6bytes] src[6bytes] ethertype[2bytes]...
|
||||||
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
|
l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_ETHERNET));
|
||||||
|
|
||||||
|
// FmtEUI48 needs at least 6 bytes to print out the mac address, plus 6 bytes for
|
||||||
|
// skipping over the destination address.
|
||||||
|
if ( cap_len >= 12 )
|
||||||
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
|
l2_hdr->Assign(3, FmtEUI48(data + 6)); // src
|
||||||
|
else
|
||||||
|
l2_hdr->Assign(3, "00:00:00:00:00:00");
|
||||||
|
|
||||||
|
if ( cap_len >= 6 )
|
||||||
l2_hdr->Assign(4, FmtEUI48(data)); // dst
|
l2_hdr->Assign(4, FmtEUI48(data)); // dst
|
||||||
|
else
|
||||||
|
l2_hdr->Assign(4, "00:00:00:00:00:00");
|
||||||
|
|
||||||
if ( vlan )
|
if ( vlan )
|
||||||
l2_hdr->Assign(5, vlan);
|
l2_hdr->Assign(5, vlan);
|
||||||
|
|
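Review bot: The `else` branches `l2_hdr->Assign(3, "00:00:00:00:00:00")` and `l2_hdr->Assign(4, "00:00:00:00:00:00")` report a well-formed all-zero MAC for bytes that were never captured, so a script reading raw_pkt_hdr cannot tell a truncated frame from one that really carries that address. If the src and dst fields of the record are declared `&optional` (the record definition is not visible here), dropping both `else` branches and leaving the fields unset would carry the truncation through to script-land, where `?$` can test for it; if they must stay set, a comment such as `// placeholder: address bytes not present in capture` on each fallback would document the sentinel. The thresholds 6 and 12 would also read better as a named constant for the EUI-48 length. ToRawPktHdrVal begins and ends outside this hunk, so any other reads from `data` in the function should be checked against cap_len in the same way.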
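--- a/testing/btest/Baseline/core.raw-truncation/weird.log
+++ b/testing/btest/Baseline/core.raw-truncation/weird.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
+#types time string addr port addr port string string bool string string
+XXXXXXXXXX.XXXXXX - - - - - truncated_ethernet_frame - F zeek ETHERNET
+#close XXXX-XX-XX-XX-XX-XX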
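--- a/testing/btest/core/raw-truncation.zeek
+++ b/testing/btest/core/raw-truncation.zeek
@@ -0,0 +1,11 @@
+# @TEST-DOC: Test that raw_packet works correctly with a truncated packet
+# @TEST-EXEC: zeek -r $TRACES/trunc/trunc-hdr.pcap %INPUT
+# @TEST-EXEC: btest-diff weird.log
+
+event raw_packet(p: raw_pkt_hdr) {
+if ( ! p?$ip )
+return;
+
+if ( p$ip$hl != 20 )
+print p$ip;
+}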
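Review bot: The `raw_packet` handler returns early on `! p?$ip` and otherwise prints only `p$ip`, so nothing in this test pins the link-layer values produced for a short capture; the only baseline compared is weird.log. Printing the link-layer part of the header (presumably `print p$l2;`, field name to be confirmed against the raw_pkt_hdr definition) before the `$ip` check, with the output captured and compared by a second `btest-diff` line, would bring the truncated-address handling under the baseline. A short comment above `if ( p$ip$hl != 20 )` saying why a header length other than 20 is worth printing would also help, since that intent is not evident from the script itself.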