Make sure the packet isn't cut short before verifying the MD5 signature.

Indicate why we can't verify the MD5 signature.
Guy Harris 2009-02-26 01:45:39 -08:00
parent 0cd29d2917
commit e195fc87a8


@ -747,10 +747,17 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
u_int8_t nxt;
#endif
if (data + length > snapend) {
printf("snaplen too short, ");
return (CANT_CHECK_SIGNATURE);
}
tp1 = *tp;
if (sigsecret == NULL)
if (sigsecret == NULL) {
printf("shared secret not supplied with -M, ");
return (CANT_CHECK_SIGNATURE);
}
MD5_Init(&ctx);
/*
@ -778,8 +785,14 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp,
nxt = IPPROTO_TCP;
MD5_Update(&ctx, (char *)&nxt, sizeof(nxt));
#endif
} else
} else {
#ifdef INET6
printf("IP version not 4 or 6, ");
#else
printf("IP version not 4, ");
#endif
return (CANT_CHECK_SIGNATURE);
}
/*
* Step 2: Update MD5 hash with TCP header, excluding options.
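Review bot: The new truncation check in the first hunk, `if (data + length > snapend)`, forms the pointer `data + length` before comparing it, and a pointer more than one past the end of the captured buffer is undefined behaviour in C, so the compiler may assume the test is false or the sum may wrap on a small address space. Comparing sizes keeps the arithmetic inside the buffer: `if (length > snapend - data)`. The declarations of `data` and `length` are outside the hunk, so if `length` is signed the guard should presumably also reject negative values; confirm against the function signature. tcp_verify_signature starts before and continues past both hunks.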