
renaud at nessus
Jan 15, 2003, 6:50 PM
libnasl/nasl nasl_packet_forgery.c,1.4,1.5 nasl_init.c,1.7,1.8
Update of /usr/local/cvs/libnasl/nasl
In directory raccoon.nessus.org:/tmp/cvs-serv14893
Modified Files: nasl_packet_forgery.c nasl_init.c
Log Message:
o Fixed a bug in forge_udp_packet() where the length of the variable would contain the length of the payload twice
o Added the argument <data> to set_udp_elements()
Index: nasl_packet_forgery.c
===================================================================
RCS file: /usr/local/cvs/libnasl/nasl/nasl_packet_forgery.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- nasl_packet_forgery.c 14 Jan 2003 20:15:58 -0000 1.4
+++ nasl_packet_forgery.c 16 Jan 2003 01:50:33 -0000 1.5
@@ -687,7 +687,7 @@
 retc = alloc_tree_cell(0, NULL);
 retc->type = CONST_DATA;
 retc->x.str_val = pkt;
- retc->size = ntohs(udp->uh_ulen) + ip->ip_hl * 4 + data_len;
+ retc->size = ntohs(udp->uh_ulen) + ip->ip_hl * 4;
 return retc;
 }
 else printf("Error ! You must supply the 'ip' argument !\n");
@@ -750,16 +750,37 @@
 {
 struct ip * ip = (struct ip*)get_str_local_var_by_name(lexic, "udp");
 int sz = get_local_var_size_by_name(lexic, "udp");
+ char * data = get_str_local_var_by_name(lexic, "data");
+ int data_len = get_local_var_size_by_name(lexic, "data");
 if( ip != NULL )
 {
- char * pkt = emalloc(sz);
+ char * pkt = emalloc(sz + data_len);
 struct udphdr * udp;
 tree_cell * retc;
 int old_len;
- bcopy(ip, pkt, sz);
+ if(data != NULL)
+ {
+ sz = ip->ip_hl * 4 + 8 + data_len;
+ pkt = emalloc(sz);
+ bcopy(ip, pkt, ip->ip_hl * 4 + 8);
+ }
+ else
+ {
+ pkt = emalloc(sz);
+ bcopy(ip, pkt, sz);
+ }
+
+
+ ip = (struct ip *)pkt;
+ if(data != NULL)
+ {
+ ip->ip_len = FIX(sz);
+ ip->ip_sum = 0;
+ ip->ip_sum = np_in_cksum(ip, ip->ip_hl * 4);
+ }
 udp = (struct udphdr*)(pkt + ip->ip_hl * 4);
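Review bot: `retc->size` is now derived from the packet's own `uh_ulen` field instead of from the number of bytes that were allocated for `pkt`; if a script can set `uh_ulen` larger than the real payload (the allocation and argument handling sit earlier in forge_udp_packet(), outside this hunk), the returned cell advertises more bytes than the buffer holds and later consumers read past it. Prefer sizing the cell from what was actually built, e.g. `retc->size = ip->ip_hl * 4 + 8 + data_len;` if that matches how `pkt` was allocated, or clamp `ntohs(udp->uh_ulen)` to the allocated length before adding the IP header. The enclosing function starts before this hunk.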
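Review bot: The buffer from `char * pkt = emalloc(sz + data_len);` is never used or freed, because both branches of the following `if(data != NULL)` assign `pkt = emalloc(...)` again, so every call of set_udp_elements() leaks that first allocation; declare it as `char * pkt = NULL;` and keep only the two branch allocations. In the `data` branch, `sz` is recomputed from `ip->ip_hl` and `bcopy(ip, pkt, ip->ip_hl * 4 + 8)` then reads that many bytes from the script-supplied 'udp' buffer whose real length is the original `sz`, so a 'udp' value shorter than `ip->ip_hl * 4 + 8` (or one with `ip_hl` below 5) is read past its end. Check the supplied size before recomputing it, e.g. `if(sz < ip->ip_hl * 4 + 8)` followed by the same error report and exit the function already uses when 'udp' is missing, and let the later `FIX(sz)` and checksum run only on a validated length. The function's signature and its error path are outside this hunk.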
@@ -769,17 +790,28 @@
 udp->uh_ulen = htons(get_int_local_var_by_name(lexic, "uh_ulen", ntohs(udp->uh_ulen)));
 udp->uh_sum = get_int_local_var_by_name(lexic, "uh_sum", 0);
+ if(data != NULL)
+ {
+ bcopy(data, pkt + ip->ip_hl * 4 + 8, data_len);
+ udp->uh_ulen = htons(8 + data_len);
+ }
+
 if(udp->uh_sum == 0)
 {
 struct pseudo_udp_hdr pseudohdr;
 struct in_addr source, dest;
 int len = old_len - 8;
 char * udpsumdata;
- char * data = NULL;
+ char * ptr = NULL;
+
+ if(data != NULL)
+ {
+ len = data_len;
+ }
 if(len > 0)
 {
- data = (char*)udp + sizeof(struct udphdr);
+ ptr = (char*)udp + sizeof(struct udphdr);
 }
@@ -796,9 +828,9 @@
 pseudohdr.len = htons(sizeof(struct udphdr) + len);
 bcopy((char*)udp, (char*)&pseudohdr.udpheader, sizeof(struct udphdr));
 bcopy((char*)&pseudohdr, udpsumdata, sizeof(pseudohdr));
- if(data != NULL)
+ if(ptr != NULL)
 {
- bcopy((char*)data, udpsumdata + sizeof(pseudohdr), len );
+ bcopy((char*)ptr, udpsumdata + sizeof(pseudohdr), len );
 }
 udp->uh_sum = np_in_cksum((unsigned short*)udpsumdata, 12 + sizeof(struct udphdr) + len);
 efree(&udpsumdata);
@@ -1182,6 +1214,8 @@
 len = dfl_len;
 else
 len = get_var_size_by_num(lexic, vi - 1);
+
+
 b = sendto(soc, (u_char*)ip, len, 0, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
 if(b < 0)
Index: nasl_init.c
===================================================================
RCS file: /usr/local/cvs/libnasl/nasl/nasl_init.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- nasl_init.c 14 Jan 2003 20:44:42 -0000 1.7
+++ nasl_init.c 16 Jan 2003 01:50:33 -0000 1.8
@@ -190,7 +190,7 @@
 { "element", "udp", NULL },
 "set_udp_elements", set_udp_elements, 0,
- { "udp", "uh_dport", "uh_sport", "uh_sum", "uh_ulen", NULL },
+ { "data", "udp", "uh_dport", "uh_sport", "uh_sum", "uh_ulen", NULL },
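Review bot: When `data` is supplied, `udp->uh_ulen = htons(8 + data_len);` overwrites the value read from the 'uh_ulen' argument two lines above, so a script can no longer combine a payload with an explicit length field; either state this in the function's comment ("'data' recomputes uh_ulen and the checksum length; 'uh_ulen' is ignored when 'data' is given") or move the `data` block above the `uh_ulen` read so the argument keeps acting as an override. `8 + data_len` is also an `int` narrowed silently by `htons`, so a payload longer than 65527 bytes produces a wrong length field instead of an error; reject such a `data_len` where the argument is read. The enclosing function starts before this hunk.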