diff options
Diffstat (limited to 'print-esp.c')
| -rw-r--r-- | print-esp.c | 54 |
1 files changed, 29 insertions, 25 deletions
diff --git a/print-esp.c b/print-esp.c index 61c3e13b..2cee0889 100644 --- a/print-esp.c +++ b/print-esp.c @@ -47,6 +47,8 @@ #include "netdissect.h" #include "extract.h" +#include "diag-control.h" + #ifdef HAVE_LIBCRYPTO #include "strtoaddr.h" #include "ascii_strcasecmp.h" @@ -236,7 +238,7 @@ do_decrypt(netdissect_options *ndo, const char *caller, struct sa_list *sa, * we can't decrypt on top of the input buffer. */ ptlen = ctlen; - pt = (u_char *)malloc(ptlen); + pt = (u_char *)calloc(1, ptlen); if (pt == NULL) { EVP_CIPHER_CTX_free(ctx); (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, @@ -278,7 +280,7 @@ do_decrypt(netdissect_options *ndo, const char *caller, struct sa_list *sa, * dissecting anything in it and before it does any dissection of * anything in the old buffer. That will free the new buffer. */ -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo, int initiator, const u_char spii[8], @@ -317,7 +319,7 @@ int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo, if(end <= ct) return 0; - pt = do_decrypt(ndo, "esp_decrypt_buffer_by_ikev2_print", sa, iv, + pt = do_decrypt(ndo, __func__, sa, iv, ct, ctlen); if (pt == NULL) return 0; @@ -327,17 +329,18 @@ int esp_decrypt_buffer_by_ikev2_print(netdissect_options *ndo, * on the buffer stack so it can be freed; our caller must * pop it when done. */ - if (!nd_push_buffer(ndo, pt, pt, pt + ctlen)) { + if (!nd_push_buffer(ndo, pt, pt, ctlen)) { free(pt); - return 0; + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push buffer on buffer stack", __func__); } return 1; } -USES_APPLE_RST +DIAG_ON_DEPRECATION static void esp_print_addsa(netdissect_options *ndo, - struct sa_list *sa, int sa_def) + const struct sa_list *sa, int sa_def) { /* copy the "sa" */ @@ -384,10 +387,9 @@ static u_int hex2byte(netdissect_options *ndo, char *hexstring) /* * returns size of binary, 0 on failure. */ -static -int espprint_decode_hex(netdissect_options *ndo, - u_char *binbuf, unsigned int binbuf_len, - char *hex) +static int +espprint_decode_hex(netdissect_options *ndo, + u_char *binbuf, unsigned int binbuf_len, char *hex) { unsigned int len; int i; @@ -413,7 +415,7 @@ int espprint_decode_hex(netdissect_options *ndo, * decode the form: SPINUM@IP <tab> ALGONAME:0xsecret */ -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION static int espprint_decode_encalgo(netdissect_options *ndo, char *decode, struct sa_list *sa) @@ -478,7 +480,7 @@ espprint_decode_encalgo(netdissect_options *ndo, return 1; } -USES_APPLE_RST +DIAG_ON_DEPRECATION /* * for the moment, ignore the auth algorithm, just hard code the authenticator @@ -670,7 +672,7 @@ static void esp_print_decode_onesecret(netdissect_options *ndo, char *line, esp_print_addsa(ndo, &sa1, sa_def); } -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION static void esp_init(netdissect_options *ndo _U_) { /* @@ -683,7 +685,7 @@ static void esp_init(netdissect_options *ndo _U_) #endif EVP_add_cipher_alias(SN_des_ede3_cbc, "3des"); } -USES_APPLE_RST +DIAG_ON_DEPRECATION void esp_decodesecret_print(netdissect_options *ndo) { @@ -720,7 +722,7 @@ void esp_decodesecret_print(netdissect_options *ndo) #endif #ifdef HAVE_LIBCRYPTO -USES_APPLE_DEPRECATED_API +DIAG_OFF_DEPRECATION #endif void esp_print(netdissect_options *ndo, @@ -760,7 +762,7 @@ esp_print(netdissect_options *ndo, ND_PRINT(", length %u", length); #ifdef HAVE_LIBCRYPTO - /* initiailize SAs */ + /* initialize SAs */ if (ndo->ndo_sa_list_head == NULL) { if (!ndo->ndo_espsecret) return; @@ -868,7 +870,7 @@ esp_print(netdissect_options *ndo, return; } - pt = do_decrypt(ndo, "esp_print", sa, iv, ct, payloadlen); + pt = do_decrypt(ndo, __func__, sa, iv, ct, payloadlen); if (pt == NULL) return; @@ -876,8 +878,7 @@ esp_print(netdissect_options *ndo, * Switch to the output buffer for dissection, and * save it on the buffer stack so it can be freed. */ - ep = pt + payloadlen; - if (!nd_push_buffer(ndo, pt, pt, ep)) { + if (!nd_push_buffer(ndo, pt, pt, payloadlen)) { free(pt); (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, "%s: can't push buffer on buffer stack", __func__); @@ -892,14 +893,14 @@ esp_print(netdissect_options *ndo, * it was not decrypted with the correct key, so that the * "plaintext" is not what was being sent. */ - padlen = GET_U_1(ep - 2); + padlen = GET_U_1(pt + payloadlen - 2); if (padlen + 2 > payloadlen) { nd_print_trunc(ndo); return; } /* Get the next header */ - nh = GET_U_1(ep - 1); + nh = GET_U_1(pt + payloadlen - 1); ND_PRINT(": "); @@ -907,7 +908,10 @@ esp_print(netdissect_options *ndo, * Don't put padding + padding length(1 byte) + next header(1 byte) * in the buffer because they are not part of the plaintext to decode. */ - nd_push_snapend(ndo, ep - (padlen + 2)); + if (!nd_push_snaplen(ndo, pt, payloadlen - (padlen + 2))) { + (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, + "%s: can't push snaplen on buffer stack", __func__); + } /* Now dissect the plaintext. */ ip_demux_print(ndo, pt, payloadlen - (padlen + 2), ver, fragmented, @@ -915,10 +919,10 @@ esp_print(netdissect_options *ndo, /* Pop the buffer, freeing it. */ nd_pop_packet_info(ndo); - /* Pop the nd_push_snapend */ + /* Pop the nd_push_snaplen */ nd_pop_packet_info(ndo); #endif } #ifdef HAVE_LIBCRYPTO -USES_APPLE_RST +DIAG_ON_DEPRECATION #endif |