[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

802.3 decoding broken

To: firestorm@xxxxxxxxxx
Subject: 802.3 decoding broken
From: John Leach <john@xxxxxxxxxx>
Date: 27 Sep 2002 22:43:30 +0100
Delivered-to: mailing list firestorm@scaramanga.co.uk
Delivered-to: vmail-firestorm@ecsc.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm

Hi,

checking of 802.3  is done incorrectly (is length < 1500 rather than the
correct is length <= 1500)

find patch attached.

John Leach.
Security Mountaineer

diff -ru -x '*.am' -x '*.in' firestorm-cvs/decode_plugins/ether.c firestorm-new/decode_plugins/ether.c
--- firestorm-cvs/decode_plugins/ether.c	Fri Sep 27 22:36:32 2002
+++ firestorm-new/decode_plugins/ether.c	Fri Sep 27 22:32:21 2002
@@ -75,7 +75,7 @@
 		b+=sprintf(b, "%02x%c", *x&0xFF, c==5 ? ' ' : ':');
 
 	proto=htons(l->h.eth->proto);
-	if ( proto < 1500 ) {
+	if ( proto <= 1500 ) {
 		b+=sprintf(b, "length=%u", proto);
 	}else{
 		b+=sprintf(b, "proto=0x%.4x", proto);
@@ -181,7 +181,7 @@
 		> p->end ) goto err;
 
 	/* Check if we are 802.3 and change accordingly */
-	if ( htons(l->h.eth->proto)<1500 ) {
+	if ( htons(l->h.eth->proto)<=1500 ) {
 		/* Ugly hack for Novell Netware IPX frames */
 		if ( (p->layer[p->llen].h.raw+2 < p->end) &&
 			((unsigned char *)p->layer[p->llen].h.raw)[0]==0xff &&

Attachment: signature.asc
Description: This is a digitally signed message part

Prev by Date: Re: firestorm IPX and SAP decoding
Next by Date: ipx 1.1 and sap 0.2 updates
Previous by thread: firestorm IPX and SAP decoding
Next by thread: ipx 1.1 and sap 0.2 updates
Index(es):
- Date
- Thread