mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-24 02:23:27 +08:00
ada17ed496
"ivoff" is a pointer to the IV, not the offset of the IV; call it ivptr. Have a variable that points to the beginning of the ciphertext, and use that. Fix the check that makes sure the authentication data/integrity check value length isn't too big - it needs to make sure that it doesn't go before the beginning of the ciphertext, i.e. doesn't overlap with the IV. Don't bother with a variable pointing to the secret, just pass sa->secret. Fix the check that makes sure the padding length isn't too big - make sure it, plus 2 for the padding length and next header bytes, isn't bigger than the ciphertext length. Update a test to reflect the stricter length checks.
9 lines
995 B
Plaintext
9 lines
995 B
Plaintext
1 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x1), length 116 [|esp]
|
|
2 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x2), length 116: ip-proto-227 37
|
|
3 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x3), length 116 [|esp]
|
|
4 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x4), length 116 [|esp]
|
|
5 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x5), length 116 [|esp]
|
|
6 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x6), length 116: ip-proto-183 16
|
|
7 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x7), length 116: ip-proto-72 22
|
|
8 00:00:00.000000 IP 192.1.2.23.4500 > 192.1.2.45.4500: UDP-encap: ESP(spi=0x12345678,seq=0x8), length 116: ip-proto-224 47
|