author | dev0 <matzeton@googlemail.com> | 2019-01-16 23:17:06 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-16 23:17:06 +0100 |
commit | 7cdddf21d5554268674454d0659b713864380ab0 (patch) | |
tree | 5a39412ad8cd39b814f6c0878783c5c850433553 | |
parent | d9d7a33d2e2f1627845001b98152cd05b5781ab3 (diff) | |
parent | 5850d4218e7199c80499217a6f9faeb967f69c08 (diff) |
Merge pull request #2 from elnerd/bugfixes
fixed some vulnerabilities which can cause ptunnel-ng to crash
-rw-r--r-- | src/pdesc.c | 2 | ||||
-rw-r--r-- | src/pkt.c | 11 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/pdesc.c b/src/pdesc.c index 5ba2003..51fa3ab 100644 --- a/src/pdesc.c +++ b/src/pdesc.c @@ -56,7 +56,7 @@ * the descriptor chain. If the sock argument is 0, the function will establish * a TCP connection to the ip and port given by dst_ip, dst_port. */ -proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, +proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, int sock, struct sockaddr_in *addr, uint32_t dst_ip, uint32_t dst_port, uint32_t init_state, uint32_t type) { @@ -124,6 +124,10 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a pkt_flag = pt_pkt->state & kFlag_mask; pt_pkt->state &= ~kFlag_mask; + if (pt_pkt->state > (kNum_proto_types-1)) { + pt_log(kLog_error, "Dropping packet with invalid state.\n"); + return; + } pt_log(kLog_sendrecv, "Recv: %d [%d] bytes " "[seq = %d] [type = %s] " "[ack = %d] [icmp = %d] " @@ -166,10 +170,15 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a else init_state = kProto_data; - cur = create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, + cur = (proxy_desc_t *) create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, addr, pt_pkt->dst_ip, ntohl(pt_pkt->dst_port), init_state, kProxy_flag); + if (!cur) { + /* if failed, abort. Logging is done in create_insert_proxy_desc */ + pt_log(kLog_error, "Failed to create proxy descriptor!\n"); + return; + } if (init_state == kProto_authenticate) { pt_log(kLog_debug, "Sending authentication challenge..\n"); /* Send challenge */ |
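Review bot: The new bounds check in the `@@ -124,6 +124,10 @@` hunk of handle_packet drops the packet without recording which value was rejected, and it logs at kLog_error for every malformed packet, so a remote sender can fill the log while the operator learns nothing useful from it. I would write the comparison in the usual form and include the offending value, `if (pt_pkt->state >= kNum_proto_types) {` with `pt_log(kLog_error, "Dropping packet with invalid state %u.\n", (unsigned)pt_pkt->state);`, and consider a lower or rate-limited log level for this path. A one-line comment such as `/* state selects the type name printed below; reject out-of-range values from the wire */` would explain why the check must sit before the Recv log, assuming that is where the value is used as an index, which this hunk does not show. The page has lost the `diff --git a/src/pkt.c` header before this hunk, and handle_packet starts and ends outside it.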
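Review bot: The cast added on the call in the `@@ -166,10 +170,15 @@` hunk, `cur = (proxy_desc_t *) create_and_insert_proxy_desc(...)`, is redundant, because the pdesc.c hunk on this page shows the function already returns `proxy_desc_t *`. If it was added to silence a warning, the likely cause is a missing prototype in pkt.c, and the cast would hide that rather than fix it. The comment in the new NULL check also contradicts the code: it says logging is done in the callee (and misspells it as create_insert_proxy_desc) while the next line logs again. I would drop the cast and reduce the comment to `/* no descriptor was created: drop the packet instead of dereferencing NULL */`. handle_packet continues outside the hunk, so whether anything set up earlier needs undoing on this early return cannot be judged from here.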