author | elnerd <erlend.leiknes@gmail.com> | 2019-01-16 20:40:58 +0100 |
---|---|---|
committer | elnerd <erlend.leiknes@gmail.com> | 2019-01-16 20:40:58 +0100 |
commit | bf54c7ed64a17693762a9db4fbaa3765d182a501 (patch) | |
tree | 6127139aee5d3c3b10f70d092a775f7f94774517 | |
parent | d9d7a33d2e2f1627845001b98152cd05b5781ab3 (diff) |
fixed some bugs that can lead to remote segfaults
-rw-r--r-- | src/pdesc.c | 2 | ||||
-rw-r--r-- | src/pkt.c | 12 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/pdesc.c b/src/pdesc.c index 5ba2003..51fa3ab 100644 --- a/src/pdesc.c +++ b/src/pdesc.c @@ -56,7 +56,7 @@ * the descriptor chain. If the sock argument is 0, the function will establish * a TCP connection to the ip and port given by dst_ip, dst_port. */ -proxy_desc_t* create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, +proxy_desc_t *create_and_insert_proxy_desc(uint16_t id_no, uint16_t icmp_id, int sock, struct sockaddr_in *addr, uint32_t dst_ip, uint32_t dst_port, uint32_t init_state, uint32_t type) { @@ -124,6 +124,10 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a pkt_flag = pt_pkt->state & kFlag_mask; pt_pkt->state &= ~kFlag_mask; + if (pt_pkt->state > (kNum_proto_types-1)) { + pt_log(kLog_error, "Dropping packet with invalid state.\n"); + return; + } pt_log(kLog_sendrecv, "Recv: %d [%d] bytes " "[seq = %d] [type = %s] " "[ack = %d] [icmp = %d] " @@ -166,14 +170,20 @@ void handle_packet(char *buf, unsigned bytes, int is_pcap, struct sockaddr_in *a else init_state = kProto_data; - cur = create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, + cur = (proxy_desc_t*) create_and_insert_proxy_desc(pt_pkt->id_no, pkt->identifier, 0, addr, pt_pkt->dst_ip, ntohl(pt_pkt->dst_port), init_state, kProxy_flag); + if (!cur) { + /* if failed, abort. Logging is done in create_insert_proxy_desc */ + pt_log(kLog_info, "failed to create proxy descriptor\n"); + return; + } if (init_state == kProto_authenticate) { pt_log(kLog_debug, "Sending authentication challenge..\n"); /* Send challenge */ cur->challenge = generate_challenge(); + pt_log(kLog_debug, "Challenge generated\n"); memcpy(cur->buf, cur->challenge, sizeof(challenge_t)); queue_packet(icmp_sock, cur->pkt_type, cur->buf, sizeof(challenge_t), cur->id_no, |
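Review bot: The new range check in the `@@ -124,6 +124,10 @@` hunk bounds `pt_pkt->state` only from above, so it protects the `[type = %s]` argument of the following pt_log call (presumably a table lookup by state) only if the field is unsigned; its declaration is not visible here and is worth confirming. Writing the test as `if (pt_pkt->state >= kNum_proto_types) {` states the bound directly and avoids the `-1` arithmetic. This path is reachable by any remote sender, so logging every dropped packet at `kLog_error` lets a peer fill the log; a lower level such as `kLog_info`, which this commit uses elsewhere, may fit better. handle_packet begins and ends outside the hunk.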
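Review bot: In the `@@ -166,14 +170,20 @@` hunk, `cur->challenge = generate_challenge();` is still used unchecked by the `memcpy` two lines later, so if generate_challenge() can return NULL (its body is not shown; presumably it allocates) a crash remains reachable on the authentication path. A guard such as `if (!cur->challenge) { pt_log(kLog_error, "failed to generate challenge\n"); return; }` before the memcpy would close it, together with whatever cleanup the just-inserted descriptor requires. The added `(proxy_desc_t*)` cast is redundant given the return type shown in the src/pdesc.c hunk and can hide a missing prototype, so including the declaring header is the better fix if a warning prompted it. The new comment names `create_insert_proxy_desc` instead of `create_and_insert_proxy_desc` and says logging is done there, yet the next line logs again. handle_packet starts and ends outside the hunk.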