~ubuntu-branches/ubuntu/jaunty/sip-tester/jaunty

Committer: Bazaar Package Importer
Author(s): Nico Golde
Date: 2008-05-04 13:58:41 UTC
mfrom: (3.1.2 intrepid)
Revision ID: james.westby@ubuntu.com-20080504135841-1oykxb0mtrrn7pfu

Tags: 2.0.1-1.2

http://bugs.debian.org/479039

* Non-maintainer upload by the Security Team.
* CVE-2008-1959: Fix stack-based buffer overflow in the
  get_remote_video_port_media function
* CVE-2008-2085: Fix stack-baseed buffer overflow in the
  get_remote_ip_media and get_remote_ipv6_media
  functions which lead to arbitrary code execution (Closes: #479039).

files added:
local.mk

milenage.c

milenage.h

prepare_pcap.c

prepare_pcap.h

rijndael.c

rijndael.h

tools

tools/monitor

tools/monitor/README.txt

tools/monitor/auto_script

tools/monitor/fullcsv

tools/monitor/snmparser

files modified:
MEDIA.txt

Makefile

README.txt

actions.cpp

actions.hpp

auth.c

call.cpp

call.hpp

debian/changelog

pcap/dtmf_2833_1.pcap *

pcap/dtmf_2833_2.pcap *

pcap/dtmf_2833_3.pcap *

pcap/dtmf_2833_4.pcap *

pcap/dtmf_2833_5.pcap *

pcap/dtmf_2833_6.pcap *

pcap/dtmf_2833_7.pcap *

pcap/dtmf_2833_8.pcap *

pcap/dtmf_2833_9.pcap *

pcap/dtmf_2833_pound.pcap *

pcap/dtmf_2833_star.pcap *

pcap/g711a.pcap *

scenario.cpp

scenario.hpp

screen.cpp

screen.hpp

send_packets.c

send_packets.h

sipp.cpp

sipp.hpp

stat.cpp

stat.hpp

variables.cpp

variables.hpp

xp_parser.c

Show diffs side-by-side

added added

removed removed

prepare_pcap.c

* This program is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

* This program is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program; if not, write to the Free Software

* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

* Author : Guillaume TEISSIER from FTR&D 02/02/2006

#include <pcap.h>

#include <stdlib.h>

#include <netinet/in.h>

#include <netinet/udp.h>

#if defined(__HPUX) || defined(__CYGWIN)

#include <netinet/in_systm.h>

#endif

#include <netinet/ip.h>

#ifndef __CYGWIN

#include <netinet/ip6.h>

#endif

#include <string.h>

#include "prepare_pcap.h"

#include "screen.hpp"

/* We define our own structures for Ethernet Header and IPv6 Header as they are not available on CYGWIN.

* We only need the fields, which are necessary to determine the type of the next header.

* we could also define our own structures for UDP and IPv4. We currently use the structures

* made available by the platform, as we had no problems to get them on all supported platforms.

typedef struct _ether_hdr {

char ether_dst[6];

char ether_src[6];

u_int16_t ether_type; /* we only need the type, so we can determine, if the next header is IPv4 or IPv6 */

} ether_hdr;

typedef struct _ipv6_hdr {

char dontcare[6];

u_int8_t nxt_header; /* we only need the next header, so we can determine, if the next header is UDP or not */

char dontcare2[33];

} ipv6_hdr;

#ifdef __HPUX

int check(u_int16_t *buffer, int len){

#else

inline int check(u_int16_t *buffer, int len){

#endif

int sum;

int i;

sum = 0;

for (i=0; i<(len&~1); i+= 2)

sum += *buffer++;

if (len & 1) {

sum += htons( (*(const u_int8_t *)buffer) << 8);

}

return sum;

}

#ifdef __HPUX

u_int16_t checksum_carry(int s) {

#else

inline u_int16_t checksum_carry(int s) {

#endif

int s_c = (s >> 16) + (s & 0xffff);

return (~(s_c + (s_c >> 16)) & 0xffff);

}

char errbuf[PCAP_ERRBUF_SIZE];

/* prepare a pcap file

int prepare_pkts(char *file, pcap_pkts *pkts) {

pcap_t *pcap;

struct pcap_pkthdr *pkthdr = NULL;

u_char *pktdata = NULL;

int n_pkts = 0;

u_long max_length = 0;

u_int16_t base = 0xffff;

u_long pktlen;

pcap_pkt *pkt_index;

ether_hdr *ethhdr;

struct iphdr *iphdr;

ipv6_hdr *ip6hdr;

struct udphdr *udphdr;

pkts->pkts = NULL;

100

pcap = pcap_open_offline(file, errbuf);

101

if (!pcap)

102

ERROR_P1("Can't open PCAP file '%s'", file);

103

104

#if HAVE_PCAP_NEXT_EX

105

while (pcap_next_ex (pcap, &pkthdr, (const u_char **) &pktdata) == 1)

106

{

107

#else

108

#ifdef __HPUX

109

pkthdr = (pcap_pkthdr *) malloc (sizeof (*pkthdr));

110

#else

111

pkthdr = malloc (sizeof (*pkthdr));

112

#endif

113

if (!pkthdr)

114

ERROR("Can't allocate memory for pcap pkthdr");

115

while ((pktdata = (u_char *) pcap_next (pcap, pkthdr)) != NULL)

116

{

117

#endif

118

ethhdr = (ether_hdr *)pktdata;

119

if (ntohs(ethhdr->ether_type) != 0x0800 /* IPv4 */

120

&& ntohs(ethhdr->ether_type) != 0x86dd) /* IPv6 */ {

121

fprintf(stderr, "Ignoring non IP{4,6} packet!\n");

122

continue;

123

}

124

iphdr = (struct iphdr *)((char *)ethhdr + sizeof(*ethhdr));

125

if (iphdr && iphdr->version == 6) {

126

//ipv6

127

pktlen = (u_long) pkthdr->len - sizeof(*ethhdr) - sizeof(*ip6hdr);

128

ip6hdr = (ipv6_hdr *)(void *) iphdr;

129

if (ip6hdr->nxt_header != IPPROTO_UDP) {

130

fprintf(stderr, "prepare_pcap.c: Ignoring non UDP packet!\n");

131

continue;

132

}

133

udphdr = (struct udphdr *)((char *)ip6hdr + sizeof(*ip6hdr));

134

} else {

135

//ipv4

136

if (iphdr->protocol != IPPROTO_UDP) {

137

fprintf(stderr, "prepare_pcap.c: Ignoring non UDP packet!\n");

138

continue;

139

}

140

#if defined(__DARWIN) || defined(__CYGWIN)

141

udphdr = (struct udphdr *)((char *)iphdr + (iphdr->ihl << 2) + 4);

142

pktlen = (u_long)(ntohs(udphdr->uh_ulen));

143

#elif defined ( __HPUX)

144

udphdr = (struct udphdr *)((char *)iphdr + (iphdr->ihl << 2));

145

pktlen = (u_long) pkthdr->len - sizeof(*ethhdr) - sizeof(*iphdr);

146

#else

147

udphdr = (struct udphdr *)((char *)iphdr + (iphdr->ihl << 2));

148

pktlen = (u_long)(ntohs(udphdr->len));

149

#endif

150

}

151

if (pktlen > PCAP_MAXPACKET) {

152

ERROR("Packet size is too big! Recompile with bigger PCAP_MAXPACKET in prepare_pcap.h");

153

}

154

pkts->pkts = (pcap_pkt *) realloc(pkts->pkts, sizeof(*(pkts->pkts)) * (n_pkts + 1));

155

if (!pkts->pkts)

156

ERROR("Can't re-allocate memory for pcap pkt");

157

pkt_index = pkts->pkts + n_pkts;

158

pkt_index->pktlen = pktlen;

159

pkt_index->ts = pkthdr->ts;

160

pkt_index->data = (unsigned char *) malloc(pktlen);

161

if (!pkt_index->data)

162

ERROR("Can't allocate memory for pcap pkt data");

163

memcpy(pkt_index->data, udphdr, pktlen);

164

165

#if defined(__HPUX) || defined(__DARWIN) || (defined __CYGWIN)

166

udphdr->uh_sum = 0 ;

167

#else

168

udphdr->check = 0;

169

#endif

170

171

// compute a partial udp checksum

172

// not including port that will be changed

173

// when sending RTP

174

#if defined(__HPUX) || defined(__DARWIN) || (defined __CYGWIN)

175

pkt_index->partial_check = check((u_int16_t *) &udphdr->uh_ulen, pktlen - 4) + ntohs(IPPROTO_UDP + pktlen);

176

#else

177

pkt_index->partial_check = check((u_int16_t *) &udphdr->len, pktlen - 4) + ntohs(IPPROTO_UDP + pktlen);

178

#endif

179

if (max_length < pktlen)

180

max_length = pktlen;

181

#if defined(__HPUX) || defined(__DARWIN) || (defined __CYGWIN)

182

if (base > ntohs(udphdr->uh_dport))

183

base = ntohs(udphdr->uh_dport);

184

#else

185

if (base > ntohs(udphdr->dest))

186

base = ntohs(udphdr->dest);

187

#endif

188

n_pkts++;

189

}

190

pkts->max = pkts->pkts + n_pkts;

191

pkts->max_length = max_length;

192

pkts->base = base;

193

fprintf(stderr, "In pcap %s, npkts %d\nmax pkt length %ld\nbase port %d\n", file, n_pkts, max_length, base);

194

pcap_close(pcap);

195

196

return 0;

197

}

198

199

void free_pkts(pcap_pkts *pkts) {

200

pcap_pkt *pkt_index;

201

while (pkt_index < pkts->max) {

202

free(pkt_index->data);

203

}

204

free(pkts->pkts);

205

}

Older »