diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index c380e40..e32de0e 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -29,8 +29,9 @@ jobs: - name: Install C++ dependencies on Ubuntu if: startsWith(matrix.os, 'ubuntu') run: | - sudo apt install libtool autoconf automake g++ libboost-all-dev libssl-dev libpcap-dev libcairo2-dev - automake --help + sudo apt update -y + sudo apt -y install libtool autoconf automake g++ libboost-all-dev libssl-dev libpcap-dev libcairo2-dev + automake --help - name: c/c++ test run: | diff --git a/ChangeLog b/ChangeLog index 860ec23..3e6c674 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,11 @@ +2026-01-29 Simson Garfinkel + * Corrected 1-byte out of bounds error as reported in https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6-frrv-9rj6 + * updated version number to 1.6.2 + 2018-11-18 Simson Garfinkel * updated for pcap_findalldevs * added -Wno-address-of-packed-member to avoid error - + 2017-07-12 Simson Garfinkel * updated to work with Fedora 26 compilers * Found bug in sbuf.cpp @@ -63,7 +67,7 @@ 2013-03-30 Simson Garfinkel - * src/scan_tcpdemux.cpp (scan_tcpdemux): added -S tcp_timeout + * src/scan_tcpdemux.cpp (scan_tcpdemux): added -S tcp_timeout 2013-03-03 Simson Garfinkel @@ -116,7 +120,7 @@ 2012-12-22 Simson Garfinkel - * src/be13_api/sbuf.cpp (sbuf_t::map_file): + * src/be13_api/sbuf.cpp (sbuf_t::map_file): * src/scan_http.cpp (scan_http_cbo::on_headers_complete): changed retrying_open to open() to eliminate dependency on tcpdemux @@ -143,7 +147,7 @@ 2012-12-07 Simson Garfinkel - * src/tcpdemux.h (class flow_addr): fixed operator< type + * src/tcpdemux.h (class flow_addr): fixed operator< type 2012-11-17 Simson Garfinkel 
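Review bot: The added `sudo apt update -y` and `sudo apt -y install …` lines drive the `apt` front end, whose command-line interface is documented as not stable for scripts and which warns when its output is not a terminal; in a workflow step `apt-get` is the conventional choice, e.g. `sudo apt-get update` followed by `sudo apt-get install -y libtool autoconf automake g++ libboost-all-dev libssl-dev libpcap-dev libcairo2-dev`. Refreshing the package index before installing is the right fix for a stale runner image, and the `-y` on `update` is harmless but unnecessary. The retained `automake --help` line presumably exists to confirm the toolchain installed; a comment such as `# sanity check: automake must be on PATH after the install` would spare the next reader the guess. The rest of the job definition is outside the hunk.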
@@ -162,9 +166,9 @@ * src/plugin.cpp (process_sbuf): renamed process_extract to process_sbuf and put it here. 2012-11-06 Simson Garfinkel - + * src/tcpdemux.cpp (tcpdemux::process_tcp): first packet sense was inverted. Fixed. - + * src/main.cpp (main): renamed main.cpp to tcpflow.cpp 2012-11-05 Simson Garfinkel @@ -195,7 +199,7 @@ * src/tcpdemux.cpp (tcpdemux::open_tcpfile): now asserts that file is not open (tcpdemux::open_tcpfile): retrying_fopen changed to retrying_open (tcpdemux::process_tcp): completely rewrote the TCP implementation - (tcpdemux::process_ip4): + (tcpdemux::process_ip4): The old state machine kept tract of each flow's initial sequence number (ISN) and computed the absolute 32-bit position within the @@ -265,7 +269,7 @@ 2012-08-10 Simson Garfinkel * configure.ac (HAVE_PTHREAD): fixed typo in configure.ac - + 2012-08-08 Simson Garfinkel * src/tcpdemux.h: removed struct ip as it was redundent to struct iphdr @@ -291,7 +295,7 @@ 2012-06-26 mike * src/datalink.cpp (dl_null): moved ETHERTYPE_IPV6 from sysdep.h - to datalink.cpp + to datalink.cpp 2012-06-18 Simson Garfinkel @@ -316,7 +320,7 @@ 2012-04-19 Simson Garfinkel * configure.ac: incremented version to 1.2.6 (1.2.5 had a bad tag) - + * src/tcpip.cpp (tcpip::print_packet): fixed error in fwrite(). @@ -352,7 +356,7 @@ 2012-03-11 Simson L. Garfinkel - * configure.ac: added -funit-at-a-time + * configure.ac: added -funit-at-a-time 2012-03-10 Simson Garfinkel @@ -437,7 +441,7 @@ 4739 8.399374 - + 2012-01-05 Simson Garfinkel @@ -591,12 +595,12 @@ 2003-08-07 Jeremy Elson * Released v0.21. Sticking to my strict schedule of releasing at least one minor release per year. :-) - + 2003-08-07 Jeremy Elson * src/main.c: Fixed format string attack. Found by David Goldsmith of atstake.com. - + 2002-03-29 Jeremy Elson * configure.in: Fixed --with-pcap (was broken since moving sources 
@@ -615,16 +619,16 @@ says "Otherwise, I can't redirect or pipe the console output. At least on FreeBSD. I will check later today if this also cures the same problems I had on OpenBSD." - + 2001-02-26 Jeremy Elson * Released version 0.20. - + * util.c, main.c: we now catch SIGTERM, SIGINT and SIGHUP, and call exit(). Should give libpcap a chance to reset the interface state (it calls onexit()). - + * main.c, tcpflow.1.in: Added patch from "Jose M. Alcaide" (FreeBSD port maintainer) so that tcpflow can read from tcpdump output files. @@ -640,7 +644,7 @@ 1999-04-20 Jeremy Elson * Released version 0.12. - + 1999-04-20 Jeremy Elson * tcpflow.1.in: Updated man page. @@ -658,15 +662,15 @@ * tcpflow.h: We use __attribute__ now only if __GNUC__ is defined, so that the code compiles on non-GCC compilers. - + * configure.in: Check for standards.h, for IRIX compatibility. (I have a custom autoconf that I changed to automatically #include standards.h, if the check succeeds, in future header file checks.) * sysdep.h: Conditional #include added. - + * configure.in: Only check for -lnsl if gethostbyaddr() doesn't work without it; same for -lsocket and socket(). - + * tcpip.c (process_ip, process_tcp, do_strip_nonprint, print_packet, store_packet): Changed to take a u_char. * tcpflow.h: Changed packet handling function argument prototypes @@ -686,7 +690,7 @@ 1999-04-13 Jeremy Elson * Released version 0.11. - + 1999-04-13 Jeremy Elson * tcpip.c (process_ip): Portability: added typecast of an int to a @@ -700,7 +704,7 @@ * sysdep.h: Linux libc5 systems have different names for certain structures. Patch sent by Johnny Tevessen - + * configure.in: All system header files are now detected by autoconf and conditionally included in sysdep.h. * sydep.h: Same. 
@@ -711,13 +715,9 @@ to reflect the fact that tcpflow.1 is now created by 'configure'. * configure.in: Same. * tcpflow.1.in: Same. - + * AUTHORS: Created & added initial entries. 1999-04-12 Jeremy Elson * Initial public release. - - - - diff --git a/configure.ac b/configure.ac index 2e02f38..7b9b007 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ # and http://www.openismus.com/documents/linux/automake/automake.shtml AC_PREREQ(2.57) -AC_INIT(TCPFLOW, 1.6.1, simsong@acm.org) +AC_INIT(TCPFLOW, 1.6.2, simsong@acm.org) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile doc/Makefile]) diff --git a/src/wifipcap/wifipcap.cpp b/src/wifipcap/wifipcap.cpp index 35067d2..a052797 100644 --- a/src/wifipcap/wifipcap.cpp +++ b/src/wifipcap/wifipcap.cpp @@ -9,7 +9,7 @@ #include "config.h" // pull in HAVE_ defines -#define __STDC_FORMAT_MACROS +#define __STDC_FORMAT_MACROS #include #include @@ -55,11 +55,11 @@ int WifiPacket::debug=0; int MAC::print_fmt(MAC::PRINT_FMT_COLON); std::ostream& operator<<(std::ostream& out, const MAC& mac) { - const char *fmt = MAC::print_fmt == MAC::PRINT_FMT_COLON ? + const char *fmt = MAC::print_fmt == MAC::PRINT_FMT_COLON ? "%02x:%02x:%02x:%02x:%02x:%02x" : "%02x%02x%02x%02x%02x%02x"; char buf[24]; - sprintf(buf, fmt, + sprintf(buf, fmt, (int)((mac.val>>40)&0xff), (int)((mac.val>>32)&0xff), (int)((mac.val>>24)&0xff), @@ -82,7 +82,7 @@ struct tok { }; #if 0 -static const struct tok ethertype_values[] = { +static const struct tok ethertype_values[] = { { ETHERTYPE_IP, "IPv4" }, { ETHERTYPE_MPLS, "MPLS unicast" }, { ETHERTYPE_MPLS_MULTI, "MPLS multicast" }, @@ -411,7 +411,7 @@ void WifiPacket::handle_llc(const mac_hdr_t &mac,const u_char *ptr, size_t len,u cbs->HandleLLC(*this,&hdr, ptr+8, len-8); return; } - + cbs->HandleLLCUnknown(*this,ptr, len); } 
@@ -492,7 +492,7 @@ const char *Wifipcap::WifiUtil::MgmtReasonCode2Txt(uint v) { /////////////////////////////////////////////////////////////////////////////// // Jeff: HACK -- tcpdump uses a global variable to check truncation -#define TTEST2(_p, _l) ((const u_char *)&(_p) - p + (_l) <= (ssize_t)len) +#define TTEST2(_p, _l) ((const u_char *)&(_p) - p + (_l) <= (ssize_t)len) void WifiPacket::parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset, size_t len) { @@ -605,7 +605,7 @@ void WifiPacket::parse_elements(struct mgmt_body_t *pbody, const u_char *p, int if (pbody->tim.length <= 3) break; - if (pbody->rates.length > sizeof pbody->tim.bitmap) + if ((pbody->tim.length -3) > sizeof pbody->tim.bitmap) return; if (!TTEST2(*(p + offset), pbody->tim.length - 3)) return; @@ -932,7 +932,7 @@ WifiPacket::handle_deauth( const struct mgmt_header_t *pmh, const u_char *p, siz * * NOTE — this function and all that it calls should be handled as methods in WifipcapCallbacks */ - + int WifiPacket::decode_mgmt_body(u_int16_t fc, struct mgmt_header_t *pmh, const u_char *p, size_t len) { @@ -1014,13 +1014,13 @@ int WifiPacket::decode_data_frame(const u_char * ptr, size_t len, u_int16_t fc) if(FC_TYPE(fc)==2 && FC_SUBTYPE(fc)==8){ // quality of service? hdr.qos = 1; } - + size_t hdrlen=0; const MAC address1 = MAC::ether2MAC(ptr+4); const MAC address2 = MAC::ether2MAC(ptr+10); const MAC address3 = MAC::ether2MAC(ptr+16); - + /* call the 80211 callback data callback */ if (FC_TO_DS(fc)==0 && FC_FROM_DS(fc)==0) { /* ad hoc IBSS */ @@ -1061,9 +1061,9 @@ int WifiPacket::decode_data_frame(const u_char * ptr, size_t len, u_int16_t fc) /* Handle either the WEP or the link layer. This handles the data itself */ if (FC_WEP(fc)) { - handle_wep(ptr+hdrlen, len-hdrlen-4 ); + handle_wep(ptr+hdrlen, len-hdrlen-4 ); } else { - handle_llc(hdr, ptr+hdrlen, len-hdrlen-4, fc); + handle_llc(hdr, ptr+hdrlen, len-hdrlen-4, fc); } return 0; } 
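Review bot: The corrected guard `if ((pbody->tim.length -3) > sizeof pbody->tim.bitmap)` in the `@@ -605` hunk now checks the TIM element's own length rather than `rates.length`, but the bare `3` and the copy it protects (outside the hunk) leave the reader to infer why three bytes are subtracted; a comment along the lines of `// length counts 3 bytes that precede the bitmap (inferred from the length <= 3 check above); only the remainder may land in tim.bitmap` would make the bound explicit, and `length - 3` would match the surrounding spacing. The preceding `if (pbody->tim.length <= 3) break;` is what keeps the subtraction from going negative before the comparison against `sizeof`, which is worth stating next to it since the two lines only work together. As this is the out-of-bounds fix the ChangeLog ties to the advisory, a regression capture containing a TIM element whose length exceeds `sizeof pbody->tim.bitmap + 3` should be added so the element is rejected rather than copied. parse_elements begins and ends outside the hunk.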
@@ -1121,7 +1121,7 @@ int WifiPacket::decode_ctrl_frame(const u_char * ptr, size_t len, u_int16_t fc) cbs->Handle80211CtrlCFEnd( *this, &hdr); break; } - case CTRL_END_ACK: { + case CTRL_END_ACK: { ctrl_end_ack_t hdr; hdr.fc = fc; hdr.duration = du; @@ -1145,7 +1145,7 @@ int WifiPacket::decode_ctrl_frame(const u_char * ptr, size_t len, u_int16_t fc) #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ #endif -void WifiPacket::handle_80211(const u_char * pkt, size_t len /* , int pad */) +void WifiPacket::handle_80211(const u_char * pkt, size_t len /* , int pad */) { if (debug) std::cerr << "handle_80211(len= " << len << " "; if (len < 2) { @@ -1174,14 +1174,14 @@ void WifiPacket::handle_80211(const u_char * pkt, size_t len /* , int pad */) // assume fcs is last 4 bytes (?) u_int32_t fcs_sent = EXTRACT_32BITS(pkt+len-4); u_int32_t fcs = crc32_802(pkt, len-4); - + /* if (fcs != fcs_sent) { cerr << "bad fcs: "; - fprintf (stderr, "%08x != %08x\n", fcs_sent, fcs); + fprintf (stderr, "%08x != %08x\n", fcs_sent, fcs); } */ - + fcs_ok = (fcs == fcs_sent); } if (cbs->Check80211FCS(*this) && fcs_ok==false){ @@ -1461,7 +1461,7 @@ void WifiPacket::handle_radiotap(const u_char *p,size_t caplen) radiotap_hdr ohdr; memset(&ohdr, 0, sizeof(ohdr)); - + /* Assume no Atheros padding between 802.11 header and body */ int pad = 0; uint32_t *presentp; @@ -1633,10 +1633,10 @@ void Wifipcap::Init(const char *name, bool live) { bool gzip = !strcmp(name+slen-3, ".gz"); bool bzip = !strcmp(name+slen-4, ".bz2"); - + char cmd[256]; char errbuf[256]; - if (gzip) + if (gzip) sprintf(cmd, "zcat %s", name); else if (bzip) sprintf(cmd, "bzcat %s", name); 
@@ -1688,7 +1688,7 @@ void Wifipcap::Init(const char *name, bool live) { * It records some stats and then dispatches to the appropriate callback. */ void Wifipcap::handle_packet(WifipcapCallbacks *cbs,int header_type, - const struct pcap_pkthdr *header, const u_char * packet) + const struct pcap_pkthdr *header, const u_char * packet) { /* Record start time if we don't have it */ if (startTime == TIME_NONE) { @@ -1701,7 +1701,7 @@ void Wifipcap::handle_packet(WifipcapCallbacks *cbs,int header_type, int hours = (header->ts.tv_sec - startTime.tv_sec)/3600; int days = hours/24; int left = hours%24; - fprintf(stderr, "wifipcap: %2d days %2d hours, %10" PRId64 " pkts\n", + fprintf(stderr, "wifipcap: %2d days %2d hours, %10" PRId64 " pkts\n", days, left, packetsProcessed); } lastPrintTime = header->ts; @@ -1730,7 +1730,7 @@ void Wifipcap::handle_packet(WifipcapCallbacks *cbs,int header_type, default: #if 0 /// 2018-08-02: slg - I'm also not sure why this is commented out. - // try handling it as default IP assuming framing is ethernet + // try handling it as default IP assuming framing is ethernet // (this is for testing) pkt.handle_ip(packet,header->caplen); #endif @@ -1747,7 +1747,7 @@ void Wifipcap::handle_packet_callback(u_char *user, const struct pcap_pkthdr *he Wifipcap::PcapUserData *data = reinterpret_cast(user); data->wcap->handle_packet(data->cbs,data->header_type,header,packet); } - + const char *Wifipcap::SetFilter(const char *filter) { @@ -1759,12 +1759,12 @@ const char *Wifipcap::SetFilter(const char *filter) #endif - if(pcap_compile(descr,&fp,(char *)filter,0,netp) == -1) { - return "Error calling pcap_compile"; + if(pcap_compile(descr,&fp,(char *)filter,0,netp) == -1) { + return "Error calling pcap_compile"; } - - if(pcap_setfilter(descr,&fp) == -1) { - return "Error setting filter"; + + if(pcap_setfilter(descr,&fp) == -1) { + return "Error setting filter"; } return NULL; 
@@ -1776,7 +1776,7 @@ void Wifipcap::Run(WifipcapCallbacks *cbs, int maxpkts) /* NOTE: This needs to be fixed so that the correct handle_packet is called */ packetsProcessed = 0; - + do { PcapUserData data(this,cbs,DLT_IEEE802_11_RADIO); pcap_loop(descr, maxpkts > 0 ? maxpkts - packetsProcessed : 0, @@ -1786,4 +1786,3 @@ void Wifipcap::Run(WifipcapCallbacks *cbs, int maxpkts) /////////////////////////////////////////////////////////////////////////////// -