From 6bf15bac3180f7a82b5a61abb9cedb486ab0a1b3 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Wed, 26 Oct 2011 11:58:45 +0200 Subject: [PATCH] Fix various packet access. The coccinelle based tests have detected invalid uses of access to Packet data. This patch fixes the detected problems. --- src/defrag.c | 3 --- src/detect.c | 48 +++++++++++++++++++--------------------------- src/flow-timeout.c | 8 ++++---- 3 files changed, 24 insertions(+), 35 deletions(-) diff --git a/src/defrag.c b/src/defrag.c index 0f54d3e554..066dc60432 100644 --- a/src/defrag.c +++ b/src/defrag.c @@ -1276,8 +1276,6 @@ BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content, PACKET_INITIALIZE(p); - p->pkt = ((uint8_t *)p) + sizeof(*p); - gettimeofday(&p->ts, NULL); //p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); ip4h.ip_verhl = 4 << 4; @@ -1350,7 +1348,6 @@ IPV6BuildTestPacket(uint32_t id, uint16_t off, int mf, const char content, PACKET_INITIALIZE(p); - p->pkt = ((uint8_t *)p) + sizeof(*p); gettimeofday(&p->ts, NULL); ip6h.s_ip6_nxt = 44; diff --git a/src/detect.c b/src/detect.c index 7d89bc7766..59c99d510f 100644 --- a/src/detect.c +++ b/src/detect.c 
@@ -6322,31 +6322,27 @@ int SigTest26TCPV4Keyword(void) memset(p2, 0, SIZE_OF_PACKET); p2->pkt = (uint8_t *)(p2 + 1); - memcpy(p1->pkt, raw_ipv4, sizeof(raw_ipv4)); - p1->pktlen = sizeof(raw_ipv4); - memcpy(p1->pkt + p1->pktlen, valid_raw_tcp, sizeof(valid_raw_tcp)); - p1->pktlen += sizeof(valid_raw_tcp); + PacketCopyData(p1, raw_ipv4, sizeof(raw_ipv4)); + PacketCopyDataOffset(p1, GET_PKT_LEN(p1), valid_raw_tcp, sizeof(valid_raw_tcp)); - memcpy(p2->pkt, raw_ipv4, sizeof(raw_ipv4)); - p2->pktlen = sizeof(raw_ipv4); - memcpy(p2->pkt + p2->pktlen, invalid_raw_tcp, sizeof(invalid_raw_tcp)); - p2->pktlen += sizeof(invalid_raw_tcp); + PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); + PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); p1->tcpvars.comp_csum = -1; - p1->ip4h = (IPV4Hdr *)p1->pkt; - p1->tcph = (TCPHdr *)(p1->pkt + sizeof(raw_ipv4)); + p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; - p1->payload = (uint8_t *)p1->pkt + sizeof(raw_ipv4) + 20; + p1->payload = (uint8_t *)GET_PKT_DATA(p1) + sizeof(raw_ipv4) + 20; p1->payload_len = 20; p1->proto = IPPROTO_TCP; p2->tcpvars.comp_csum = -1; - p2->ip4h = (IPV4Hdr *)p2->pkt; - p2->tcph = (TCPHdr *)(p2->pkt + sizeof(raw_ipv4)); + p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; - p2->payload = (uint8_t *)p2->pkt + sizeof(raw_ipv4) + 20; + p2->payload = (uint8_t *)GET_PKT_DATA(p2) + sizeof(raw_ipv4) + 20; p2->payload_len = 20; p2->proto = IPPROTO_TCP; 
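Review bot: The results of `PacketCopyData()` and `PacketCopyDataOffset()` are discarded on all four new calls, so if either helper refuses the copy (they presumably bound-check against the packet buffer; confirm in decode.h) the test carries on and points `ip4h`/`tcph` at a buffer that was never filled. Checking each call, e.g. `if (PacketCopyData(p1, raw_ipv4, sizeof(raw_ipv4)) == -1)` followed by a jump to the test's cleanup path, would turn a silent mismatch into a test failure. The context line `p2->pkt = (uint8_t *)(p2 + 1);` is still a direct write to `pkt`, the same pattern the defrag.c hunks remove, so it looks like it was missed here. Both points apply unchanged to the SigTest27NegativeTCPV4Keyword hunk; the function bodies start and end outside the hunks.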
@@ -6438,31 +6434,27 @@ int SigTest27NegativeTCPV4Keyword(void) memset(p2, 0, SIZE_OF_PACKET); p2->pkt = (uint8_t *)(p2 + 1); - memcpy(p1->pkt, raw_ipv4, sizeof(raw_ipv4)); - p1->pktlen = sizeof(raw_ipv4); - memcpy(p1->pkt + p1->pktlen, valid_raw_tcp, sizeof(valid_raw_tcp)); - p1->pktlen += sizeof(valid_raw_tcp); + PacketCopyData(p1, raw_ipv4, sizeof(raw_ipv4)); + PacketCopyDataOffset(p1, GET_PKT_LEN(p1), valid_raw_tcp, sizeof(valid_raw_tcp)); - memcpy(p2->pkt, raw_ipv4, sizeof(raw_ipv4)); - p2->pktlen = sizeof(raw_ipv4); - memcpy(p2->pkt + p2->pktlen, invalid_raw_tcp, sizeof(invalid_raw_tcp)); - p2->pktlen += sizeof(invalid_raw_tcp); + PacketCopyData(p2, raw_ipv4, sizeof(raw_ipv4)); + PacketCopyDataOffset(p2, GET_PKT_LEN(p2), invalid_raw_tcp, sizeof(invalid_raw_tcp)); p1->tcpvars.comp_csum = -1; - p1->ip4h = (IPV4Hdr *)p1->pkt; - p1->tcph = (TCPHdr *)(p1->pkt + sizeof(raw_ipv4)); + p1->ip4h = (IPV4Hdr *)GET_PKT_DATA(p1); + p1->tcph = (TCPHdr *)(GET_PKT_DATA(p1) + sizeof(raw_ipv4)); p1->src.family = AF_INET; p1->dst.family = AF_INET; - p1->payload = (uint8_t *)p1->pkt + sizeof(raw_ipv4) + 20; + p1->payload = (uint8_t *)GET_PKT_DATA(p1) + sizeof(raw_ipv4) + 20; p1->payload_len = 20; p1->proto = IPPROTO_TCP; p2->tcpvars.comp_csum = -1; - p2->ip4h = (IPV4Hdr *)p2->pkt; - p2->tcph = (TCPHdr *)(p2->pkt + sizeof(raw_ipv4)); + p2->ip4h = (IPV4Hdr *)GET_PKT_DATA(p2); + p2->tcph = (TCPHdr *)(GET_PKT_DATA(p2) + sizeof(raw_ipv4)); p2->src.family = AF_INET; p2->dst.family = AF_INET; - p2->payload = (uint8_t *)p2->pkt + sizeof(raw_ipv4) + 20; + p2->payload = (uint8_t *)GET_PKT_DATA(p2) + sizeof(raw_ipv4) + 20; p2->payload_len = 20; p2->proto = IPPROTO_TCP; diff --git a/src/flow-timeout.c b/src/flow-timeout.c index ee12722469..49e899cb03 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c 
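Review bot: The packet-building lines added here are a line-for-line copy of the ones added in SigTest26TCPV4Keyword, including the bare `+ 20` for the TCP header length and `payload_len = 20`. Any later change to the packet access rules has to be made in both tests, and a shared static helper that fills one test packet from `raw_ipv4` plus a TCP blob would keep them in step. If the duplication stays, a comment such as `/* 20 = TCP header without options, payload is the remaining 20 bytes */` above the `payload` assignment would at least explain the constants.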
@@ -115,7 +115,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, p->payload_len = 0; if (f->src.family == AF_INET) { /* set the ip header */ - p->ip4h = (IPV4Hdr *)p->pkt; + p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); /* version 4 and length 20 bytes for the tcp header */ p->ip4h->ip_verhl = 0x45; p->ip4h->ip_tos = 0; @@ -134,11 +134,11 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, } /* set the tcp header */ - p->tcph = (TCPHdr *)((uint8_t *)p->pkt + 20); + p->tcph = (TCPHdr *)((uint8_t *)GET_PKT_DATA(p) + 20); } else { /* set the ip header */ - p->ip6h = (IPV6Hdr *)p->pkt; + p->ip6h = (IPV6Hdr *)GET_PKT_DATA(p); /* version 6 */ p->ip6h->s_ip6_vfc = 0x60; p->ip6h->s_ip6_flow = 0; @@ -166,7 +166,7 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p, } /* set the tcp header */ - p->tcph = (TCPHdr *)((uint8_t *)p->pkt + 40); + p->tcph = (TCPHdr *)((uint8_t *)GET_PACKET_DATA(p) + 40); } p->tcph->th_offx2 = 0x50;
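Review bot: The TCP header offset stays a bare `20` after the switch to `GET_PKT_DATA(p)` (and `40` in the IPv6 branch of the last hunk), and nothing in the visible lines says where the buffer behind the macro is guaranteed to hold the IP and TCP headers that are written straight afterwards. Now that the access goes through a macro that may not resolve to the same storage as `p->pkt`, that assumption deserves a comment, e.g. `/* pseudo packet: data buffer must hold IPv4 (20) + TCP (20) header bytes */`. Using the tree's header-length constants, if it has them, instead of the literals would also help. The function starts and ends outside the hunk, so the guarantee may be established elsewhere.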
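Review bot: The replacement in the IPv6 branch uses `GET_PACKET_DATA(p)`, while the other three changes in this file and every change in detect.c use `GET_PKT_DATA(p)`. Unless a macro with the longer name also exists, this will not compile, or will be taken as an implicitly declared function and fail at link time, leaving the IPv6 pseudo-packet path broken. The line should read `p->tcph = (TCPHdr *)((uint8_t *)GET_PKT_DATA(p) + 40);`. FlowForceReassemblyPseudoPacketSetup continues outside the hunk.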