[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipx 1.1 and sap 0.2 updates

To: firestorm@xxxxxxxxxx
Subject: ipx 1.1 and sap 0.2 updates
From: John Leach <john@xxxxxxxxxx>
Date: 28 Sep 2002 00:00:17 +0100
Delivered-to: mailing list firestorm@scaramanga.co.uk
Delivered-to: vmail-firestorm@ecsc.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm

Hi again,

my late night coding session fruits include:
-General code spring-clean
-IPX packet type 0x04 is not SAP!
-Tidied up ipx and sap packet type string assignment code
-Fixed "ptype" and "type" variable remote DoS in ipx and sap decoders
-Fixed server name variable remote DoS in sap
-Changed htonl to ntohl where appropriate (whoops)
-Changed ipx child protocol checking from "Packet Type" to "Dst Socket"
-Tested with 250mb IPX pcap file

thanks to Gianni for all the feedback and support.

find patch attached.

John Leach.
Internetician.

diff -ru -x '*.am' -x '*.in' firestorm-cvs/decode_plugins/ipx.c firestorm-new/decode_plugins/ipx.c
--- firestorm-cvs/decode_plugins/ipx.c	Thu Sep 19 20:28:09 2002
+++ firestorm-new/decode_plugins/ipx.c	Fri Sep 27 23:22:46 2002
@@ -31,49 +31,47 @@
 
 int ipx_print(struct layer *l, char *buf, int buflen)
 {
-	char srcskt[16],dstskt[16],ptype[16];
+	char *ptype="Unknown";
 
 	switch (l->h.ipx->pType) {
 		case 0:
-			strcpy(ptype,"SAP/NSP/Hello");
+			ptype="SAP/NSP/Hello";
 			break;
 		case 1:
-			strcpy(ptype,"RIP");
+			ptype="RIP";
 			break;
 		case 2:
-			strcpy(ptype,"Echo");
+			ptype="Echo";
 			break;
 		case 3:
-			strcpy(ptype,"Error");
+			ptype="Error";
 			break;
 		case 4:
-			strcpy(ptype,"SAP");
+			ptype="PEP";
 			break;
 		case 5:
-			strcpy(ptype,"SPX");
+			ptype="SPX";
 			break;
 		case 17:
-			strcpy(ptype,"NCP");
+			ptype="NCP";
 			break;
 		case 20:
-			strcpy(ptype,"NetBIOS");
+			ptype="NetBIOS";
 			break;
 		case 104:
-			strcpy(ptype,"NDS NCP");
+			ptype="NDS NCP";
 			break;
-		default:
-			strcpy(ptype,"Unknown");
 	};
 
 	return snprintf(buf,buflen,"len=%u type=0x%.2x(%s) net=0x%.8x:0x%.8x "
 			"skt=0x%.4x:0x%.4x",
-			htons(l->h.ipx->length),
+			ntohs(l->h.ipx->length),
 			l->h.ipx->pType,
 			ptype,
-			htonl(l->h.ipx->srcNet),
-			htonl(l->h.ipx->dstNet),
-			htons(l->h.ipx->srcSkt),
-			htons(l->h.ipx->dstSkt));
+			ntohl(l->h.ipx->srcNet),
+			ntohl(l->h.ipx->dstNet),
+			ntohs(l->h.ipx->srcSkt),
+			ntohs(l->h.ipx->dstSkt));
 }
 
 void ipx_decode(struct packet *p)
@@ -89,7 +87,7 @@
 
 	for(pc=l->proto->children; pc; pc=pc->next)
 	{
-		if ( l->h.ipx->pType == pc->id ) {
+		if ( l->h.ipx->dstSkt == pc->id ) {
 			p->layer[p->llen].flags=0;
 			p->layer[p->llen].session=NULL;
 			p->layer[p->llen++].proto=pc->proto;
@@ -111,7 +109,7 @@
 	plugin_check(in, out);
 	
 	PLUGIN_ID("decode.ipx", "Internetwork Packet eXchange");
-	PLUGIN_VERSION(1, 0);
+	PLUGIN_VERSION(1, 1);
 	PLUGIN_AUTHOR("John Leach", "john@xxxxxxxxxx");
 	PLUGIN_LICENSE("GPL");
 	
diff -ru -x '*.am' -x '*.in' firestorm-cvs/decode_plugins/sap.c firestorm-new/decode_plugins/sap.c
--- firestorm-cvs/decode_plugins/sap.c	Thu Sep 19 20:28:09 2002
+++ firestorm-new/decode_plugins/sap.c	Fri Sep 27 23:22:07 2002
@@ -18,50 +18,37 @@
 /* SAP: Novell's Service Advertising Protocol */
 int sap_print(struct layer *l, char *buf, int buflen);
 void sap_decode(struct packet *p);
-/*void sap_decode(struct packet *);*/
 struct proto sap_p=init_proto("sap", sap_decode, sap_print);
 struct proto_req sap_r[]={
-        proto_request("ipx", 0x00),
-        proto_request("ipx", 0x04),
+        proto_request("ipx", __constant_htons(0x0452)),
 	null_request()
 };
 
 int sap_print(struct layer *l, char *buf, int buflen)
 {
-	char out[128];
-	char type[32];
+	char *type="Unknown";
+	char sname[49];
 
 	switch (htons(l->h.sap->op)) {
 		case 1:
 		case 2:
-			strcpy(type,"General service");
+			type="General service";
 			break;
 		case 3:
 		case 4:
-			strcpy(type,"Nearest service");
+			type="Nearest service";
 			break;
 	};
 	if (htons(l->h.sap->op)%2==0) {
-		snprintf(out,sizeof(out),"%s reponse server=%s",type,l->h.sap->server_name);
+		strncpy(sname,l->h.sap->server_name,49);
+		sname[48]=0;
+		return snprintf(buf,buflen,"%s reponse server=%s",type,sname);
 	} else {
-		snprintf(out,sizeof(out),"%s query",type);
+		return snprintf(buf,buflen,"%s query",type);
 	};
-
-	/*	return snprintf(buf,buflen,"len=%u type=0x%.2x(%s) net=0x%.8x:0x%.8x "
-			"skt=0x%.4x:0x%.4x",
-			htons(l->h.ipx->length),
-			l->h.ipx->pType,
-			htonl(l->h.ipx->srcNet),
-			htonl(l->h.ipx->dstNet),
-			htons(l->h.ipx->srcSkt),
-			htons(l->h.ipx->dstSkt));*/
-	
-
-	return snprintf(buf,buflen,"%s",out);
 }
 
 void sap_decode(struct packet *p) {
-	p->layer[p->llen++].proto=NULL;
 	preproc_dispatch(p);
 }
 
@@ -73,7 +60,7 @@
 	plugin_check(in, out);
 	
 	PLUGIN_ID("decode.sap", "Service Advertising Protocol");
-	PLUGIN_VERSION(0, 1);
+	PLUGIN_VERSION(0, 2);
 	PLUGIN_AUTHOR("John Leach", "john@xxxxxxxxxx");
 	PLUGIN_LICENSE("GPL");

Attachment: signature.asc
Description: This is a digitally signed message part

Prev by Date: 802.3 decoding broken
Next by Date: Satellite TV hex files for Funcards, Goldcards
Previous by thread: 802.3 decoding broken
Next by thread: Satellite TV hex files for Funcards, Goldcards
Index(es):
- Date
- Thread