Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve packet_forgery_v6 #791

Merged
merged 2 commits into from
Jul 8, 2021
Merged

Improve packet_forgery_v6 #791

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
875d438
Clean up forge_icmp_v6_packet
ArnoStiefvater Jul 7, 2021
93511d3
Add changelog entry
ArnoStiefvater Jul 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Removed
### Fixed

- Fix clang-analyzer warnings. [#791](https://github.com/greenbone/openvas/pull/791)

[Unreleased]: https://github.com/greenbone/openvas-scanner/compare/v20.8.2...HEAD


Expand Down
82 changes: 43 additions & 39 deletions nasl/nasl_packet_forgery_v6.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1266,7 +1266,6 @@ forge_icmp_v6_packet (lex_ctxt *lexic)

bcopy (ip6, ip6_icmp, ip6_sz);
p = (char *) (pkt + ip6_sz);

icmp = (struct icmp6_hdr *) p;

icmp->icmp6_code = get_int_var_by_name (lexic, "icmp_code", 0);
Expand All @@ -1286,66 +1285,68 @@ forge_icmp_v6_packet (lex_ctxt *lexic)
break;
case ND_ROUTER_SOLICIT:
{
if (data != NULL)
bcopy (data, &(p[8]), len);
routersolicit = g_malloc0 (sizeof (struct nd_router_solicit));
pkt =
g_realloc (pkt, ip6_sz + sizeof (struct nd_router_solicit) + len);
ip6_icmp = (struct ip6_hdr *) pkt;
p = (char *) (pkt + ip6_sz);
struct icmp6_hdr *rs = &routersolicit->nd_rs_hdr;
// Update ip6_icmp because it gets used again below
ip6_icmp = (struct ip6_hdr *) pkt;
routersolicit = (struct nd_router_solicit *) p;
rs->icmp6_type = icmp->icmp6_type;
rs->icmp6_code = icmp->icmp6_code;
rs->icmp6_cksum = icmp->icmp6_cksum;
((struct icmp6_hdr *) routersolicit)->icmp6_type = icmp->icmp6_type;
((struct icmp6_hdr *) routersolicit)->icmp6_code = icmp->icmp6_code;
((struct icmp6_hdr *) routersolicit)->icmp6_cksum =
icmp->icmp6_cksum;
size = ip6_sz + sizeof (struct nd_router_solicit) + len;
sz = 4; /*type-1 byte, code-1byte, cksum-2bytes */
}
break;
case ND_ROUTER_ADVERT:
{
if (data != NULL)
bcopy (data, &(p[8]), len);
routeradvert = g_malloc0 (sizeof (struct nd_router_advert));
/*do we need lifetime?? Not taking lifetime?? */
pkt = g_realloc (
pkt,
ip6_sz + sizeof (struct nd_router_advert) - 8
+ len); /*not taking lifetime(8 bytes) into consideration */
ip6_icmp = (struct ip6_hdr *) pkt;
pkt =
g_realloc (pkt, ip6_sz + sizeof (struct nd_router_advert) + len);
p = (char *) (pkt + ip6_sz);
struct icmp6_hdr *ra = &routeradvert->nd_ra_hdr;
// Update ip6_icmp because it gets used again below
ip6_icmp = (struct ip6_hdr *) pkt;
// Let routeradvert point to routeradvert location in pkt
routeradvert = (struct nd_router_advert *) p;
ra->icmp6_type = icmp->icmp6_type;
ra->icmp6_code = icmp->icmp6_code;
ra->icmp6_cksum = icmp->icmp6_cksum;
// Set icmp6 header members
((struct icmp6_hdr *) routeradvert)->icmp6_type = icmp->icmp6_type;
((struct icmp6_hdr *) routeradvert)->icmp6_code = icmp->icmp6_code;
((struct icmp6_hdr *) routeradvert)->icmp6_cksum =
icmp->icmp6_cksum;
routeradvert->nd_ra_reachable =
get_int_var_by_name (lexic, "reachable_time", 0);
routeradvert->nd_ra_retransmit =
get_int_var_by_name (lexic, "retransmit_timer", 0);
routeradvert->nd_ra_curhoplimit = ip6_icmp->ip6_hlim;
routeradvert->nd_ra_flags_reserved =
get_int_var_by_name (lexic, "flags", 0);
size = ip6_sz + sizeof (struct nd_router_advert) - 8
+ len; /*not taking lifetime(8 bytes) into consideration */
sz = 5; /*type-1 byte, code-1byte, cksum-2bytes, current
hoplimit-1byte */
size = ip6_sz + sizeof (struct nd_router_advert) + len;
sz = 5; /*type-1 byte, code-1byte, cksum-2bytes, current
hoplimit-1byte */
}
break;
case ND_NEIGHBOR_SOLICIT:
{
neighborsolicit = g_malloc0 (sizeof (struct nd_neighbor_solicit));
// Make room for nd_neighbor_solicit.nd_ns_target in packet
pkt = g_realloc (pkt, ip6_sz + sizeof (struct nd_neighbor_solicit)
+ len);
ip6_icmp = (struct ip6_hdr *) pkt;
// Let p point to the start of nd_neighbor_solicit
p = (char *) (pkt + ip6_sz);
struct icmp6_hdr *ns = &neighborsolicit->nd_ns_hdr;
neighborsolicit = (struct nd_neighbor_solicit *) p;
// Update ip6_icmp because it gets used again below
ip6_icmp = (struct ip6_hdr *) pkt;
// Fill in user date if provided
if (data != NULL)
bcopy (data, &(p[24]), len);
ns->icmp6_type = icmp->icmp6_type;
ns->icmp6_code = icmp->icmp6_code;
ns->icmp6_cksum = icmp->icmp6_cksum;
memmove (&(p[8 + 16]), data, len);
// Let neighborsolicit point to nd_neighbor_solicit location in pkt
neighborsolicit = (struct nd_neighbor_solicit *) p;
// Set icmp6 header members
((struct icmp6_hdr *) neighborsolicit)->icmp6_type =
icmp->icmp6_type;
((struct icmp6_hdr *) neighborsolicit)->icmp6_code =
icmp->icmp6_code;
((struct icmp6_hdr *) neighborsolicit)->icmp6_cksum =
icmp->icmp6_cksum;
// Set nd_ns_target
memcpy (&neighborsolicit->nd_ns_target, &ip6_icmp->ip6_dst,
sizeof (struct in6_addr)); /*dst ip should be link local */
size = ip6_sz + sizeof (struct nd_neighbor_solicit) + len;
Expand All @@ -1354,16 +1355,19 @@ forge_icmp_v6_packet (lex_ctxt *lexic)
break;
case ND_NEIGHBOR_ADVERT:
{
neighboradvert = g_malloc0 (sizeof (struct nd_neighbor_advert));
pkt = g_realloc (pkt,
ip6_sz + sizeof (struct nd_neighbor_advert) + len);
// Update ip6_icmp because it gets used again below
ip6_icmp = (struct ip6_hdr *) pkt;
p = (char *) (pkt + 40);
struct icmp6_hdr *na = &neighboradvert->nd_na_hdr;
neighboradvert = (struct nd_neighbor_advert *) p;
na->icmp6_type = icmp->icmp6_type;
na->icmp6_code = icmp->icmp6_code;
na->icmp6_cksum = icmp->icmp6_cksum;
// Set icmp6 header members
((struct icmp6_hdr *) neighboradvert)->icmp6_type =
icmp->icmp6_type;
((struct icmp6_hdr *) neighboradvert)->icmp6_code =
icmp->icmp6_code;
((struct icmp6_hdr *) neighboradvert)->icmp6_cksum =
icmp->icmp6_cksum;
neighboradvert->nd_na_flags_reserved =
get_int_var_by_name (lexic, "flags", 0);
if (neighboradvert->nd_na_flags_reserved & 0x00000020)
Expand Down