path: root/main/tcpflow/CVE-2018-18409.patch
From 89c04b4fb0e46b3c4f1388686e83966e531cbea9 Mon Sep 17 00:00:00 2001
From: "Simson L. Garfinkel" <simsong@acm.org>
Date: Sat, 20 Oct 2018 07:31:32 -0400
Subject: [PATCH] fixed theoretical stack overflow identified in #195)

---
 src/iptree.h | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/iptree.h b/src/iptree.h
index 6332e8e..6abf25b 100644
--- a/src/iptree.h
+++ b/src/iptree.h
@@ -241,8 +241,10 @@ private:;
         return (addr[i / 8]) & (1<<((7-i)&7));
     }
     /* set the ith bit to 1 */
-    static void setbit(uint8_t *addr,size_t i){
-        addr[i / 8] |= (1<<((7-i)&7));
+    static void setbit(uint8_t *addr,size_t addr, size_t i){
+        if ( i/8 < addr) {
+            addr[i / 8] |= (1<<((7-i)&7));
+        }
     }
     
     virtual ~iptreet(){}                // required per compiler warnings
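Review bot: The new `setbit` signature on L206 declares two parameters named `addr`, so this hunk does not compile as written; the third patch on this page (0e96c35) renames the length parameter to `addrlen`. With that rename, the guard on L207 silently discards any bit at or beyond `addrlen*8` instead of reporting it, which is acceptable for a hardening fix but should be stated in the comment on L203, e.g. `/* set the ith bit to 1; bits at or beyond addrlen*8 are silently ignored */`. The read-side accessor `bit()` on L201 still indexes `addr[i / 8]` with no length, so reads remain unbounded and the same asymmetry is left in place by the third patch's hunk at L335. The enclosing `iptreet` class continues outside this hunk.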
@@ -388,7 +390,8 @@ private:;
         uint8_t addr1[ADDRBYTES];
         
         memset(addr0,0,sizeof(addr0)); memcpy(addr0,addr,(depth+7)/8);
-        memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8); setbit(addr1,depth);
+        memset(addr1,0,sizeof(addr1)); memcpy(addr1,addr,(depth+7)/8);
+        setbit(addr1,sizeof(addr1),depth);
         
         if(ptr->ptr0) get_histogram(depth+1,addr0,ptr->ptr0,histogram);
         if(ptr->ptr1) get_histogram(depth+1,addr1,ptr->ptr1,histogram);
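Review bot: The bounds check now inside `setbit` does not protect the `memcpy(addr1,addr,(depth+7)/8)` on L218 (or the `addr0` copy on L216), which copies `(depth+7)/8` bytes into `uint8_t addr1[ADDRBYTES]` (L214) without comparing that length to the array size; if `depth` can exceed `ADDRBYTES*8` (the recursion on L221–L222 increments it and the limit is not visible here), the overflow happens on the copy before `setbit` is reached. If callers guarantee the bound, `assert((depth+7)/8 <= sizeof(addr1));` before the copies documents it; otherwise clamp the copied length to `sizeof(addr1)`. `get_histogram` begins before this hunk and continues past it.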
@@ -527,8 +530,10 @@ class ip2tree:public iptreet<uint64_t,32> {
     /* de-interleave a pair of addresses */
     static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){
         for(size_t i=0;i<addrlen*8/2;i++){
-            if(iptreet<uint64_t,32>::bit(addr,i*2))   iptreet<uint64_t,32>::setbit(addr1,i);
-            if(iptreet<uint64_t,32>::bit(addr,i*2+1)) iptreet<uint64_t,32>::setbit(addr2,i);
+            if(iptreet<uint64_t,32>::bit(addr,i*2))
+                iptreet<uint64_t,32>::setbit(addr1,sizeof(addr1),i);
+            if(iptreet<uint64_t,32>::bit(addr,i*2+1))
+                iptreet<uint64_t,32>::setbit(addr2,sizeof(addr2),i);
         }
         *depth1 = (depth+1)/2;
         *depth2 = (depth)/2;
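Review bot: `sizeof(addr1)` and `sizeof(addr2)` on L230 and L232 are the size of a `uint8_t *` parameter, not of the caller's buffers, so the new guard bounds writes to `sizeof(uint8_t*)` bytes regardless of the real length; `un_pair` already receives `addr12len` on L225 and should pass that instead, `iptreet<uint64_t,32>::setbit(addr1, addr12len, i);`. The second patch on this page (f4097c7) makes exactly that change, so the first commit alone leaves the guard ineffective for buffers larger than a pointer and wrong for smaller ones. `un_pair` continues past the end of this hunk.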
@@ -563,8 +568,10 @@ class ip2tree:public iptreet<uint64_t,32> {
         memset(addr,0,sizeof(addr));
         /* Interleave on the bit by bit level */
         for(size_t i=0;i<addrlen*8;i++){
-            if(iptreet<uint64_t,32>::bit(addr1,i)) iptreet<uint64_t,32>::setbit(addr,i*2);
-            if(iptreet<uint64_t,32>::bit(addr2,i)) iptreet<uint64_t,32>::setbit(addr,i*2+1);
+            if(iptreet<uint64_t,32>::bit(addr1,i))
+                iptreet<uint64_t,32>::setbit(addr,sizeof(addr),i*2);
+            if(iptreet<uint64_t,32>::bit(addr2,i))
+                iptreet<uint64_t,32>::setbit(addr,sizeof(addr),i*2+1);
         }
         add(addr,addrlen*2,val); /* Add it */
     }
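Review bot: `sizeof(addr)` on L243 and L245 is only the buffer size if `addr` is the local array that the `memset(addr,0,sizeof(addr))` on L237 suggests (its declaration is above the hunk); assuming it is, the guard now prevents the out-of-bounds write, but `add(addr,addrlen*2,val)` on L247 still passes a length derived from `addrlen`, so for `addrlen*2 > sizeof(addr)` the callee reads past `addr` even though no bit was written there. Checking the precondition once before the loop, `if (addrlen*2 > sizeof(addr)) return; /* result would not fit */`, keeps the write bound and the length handed to `add` consistent. `pair`'s signature is outside this hunk.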
From f4097c7c99ebb7b54d93a426016840072946c410 Mon Sep 17 00:00:00 2001
From: "Simson L. Garfinkel" <simsong@acm.org>
Date: Wed, 21 Nov 2018 17:57:12 -0600
Subject: [PATCH] fixed sizeof(addr1) and sizeof(addr2) error in un_pair

---
 src/iptree.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/iptree.h b/src/iptree.h
index 2c717db..0ddfa14 100644
--- a/src/iptree.h
+++ b/src/iptree.h
@@ -530,9 +530,9 @@ class ip2tree:public iptreet<uint64_t,32> {
     static void un_pair(uint8_t *addr1,uint8_t *addr2,size_t addr12len,size_t *depth1,size_t *depth2,const uint8_t *addr,size_t addrlen,size_t depth){
         for(size_t i=0;i<addrlen*8/2;i++){
             if(iptreet<uint64_t,32>::bit(addr,i*2))
-                iptreet<uint64_t,32>::setbit(addr1,sizeof(addr1),i);
+                iptreet<uint64_t,32>::setbit(addr1, addr12len, i);
             if(iptreet<uint64_t,32>::bit(addr,i*2+1))
-                iptreet<uint64_t,32>::setbit(addr2,sizeof(addr2),i);
+                iptreet<uint64_t,32>::setbit(addr2, addr12len, i);
         }
         *depth1 = (depth+1)/2;
         *depth2 = (depth)/2;
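Review bot: With `addr12len` now passed on L267 and L270, the loop bound on L264 is still `addrlen*8/2`, derived from the source length, so whenever `addr12len*8 < addrlen*4` the high-order bits are silently dropped by `setbit` while `*depth1` and `*depth2` on L272–L273 are still computed from `depth` as if every bit had been stored. The contract should be explicit at the top of the function, either as a comment, `/* requires addr12len*8 >= addrlen*4; bits beyond that are silently dropped */`, or as a check that rejects the call. `un_pair` continues past the end of this hunk.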
From 0e96c3578a79c41eab1e597ccd38e1c612b47810 Mon Sep 17 00:00:00 2001
From: "Simson L. Garfinkel" <simsong@acm.org>
Date: Sun, 18 Nov 2018 16:29:57 -0500
Subject: [PATCH] updated to 1.5.1; added -Wno-address-of-packed-member; fixed
 compile errors accidentally introduced.

---
 ChangeLog       |  4 ++++
 configure.ac    |  7 ++++++-
 src/iptree.h    |  4 ++--
 src/tcpflow.cpp | 10 ++++++++++
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b0682c1..860ec23 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-11-18 Simson Garfinkel <simsong@acm.org>
+	* updated for pcap_findalldevs
+	* added -Wno-address-of-packed-member to avoid error
+	
 2017-07-12 Simson Garfinkel <simsong@acm.org>
 	* updated to work with Fedora 26 compilers
 	* Found bug in sbuf.cpp
diff --git a/configure.ac b/configure.ac
index fc48b63..866417e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@
 # and http://www.openismus.com/documents/linux/automake/automake.shtml 
 
 AC_PREREQ(2.57)
-AC_INIT(TCPFLOW, 1.5.0, simsong@acm.org)
+AC_INIT(TCPFLOW, 1.5.1, simsong@acm.org)
 AC_CONFIG_MACRO_DIR([m4])
 
 AC_CONFIG_FILES([Makefile src/Makefile tests/Makefile doc/Makefile])
@@ -70,6 +70,10 @@ case $host in
      LDFLAGS="$LDFLAGS --static"
      mingw="yes"
      ;;		 		     
+
+   *)
+     CXXFLAGS="$CXXFLAGS -Wno-address-of-packed-member"
+     ;;
 esac
 
 if test x"${mingw}" == "xno" ; then
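Review bot: `-Wno-address-of-packed-member` is appended on L318 for every non-mingw host without a compile test, and it silences a diagnostic that points at real unaligned access through pointers to packed struct members, which is undefined behaviour in C/C++ and faults on strict-alignment targets. Guarding the flag with a probe (`AX_CHECK_COMPILE_FLAG` if the project ships autoconf-archive, otherwise an `AC_COMPILE_IFELSE` with `CXXFLAGS` temporarily set) avoids unknown-option diagnostics on compilers that predate the warning, and the sites it fires on are better fixed by copying packed fields out with `memcpy` than by suppressing the warning globally. The `case $host` statement begins before this hunk.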
@@ -348,6 +352,7 @@ located.])
         Mmissing_library="$Mmissing_library libpcap "
     ])
 fi
+AC_CHECK_FUNCS([pcap_findalldevs])
 
 dnl set with_wifi to 0 if you do not want it
 AC_ARG_ENABLE([wifi],
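Review bot: `AC_CHECK_FUNCS([pcap_findalldevs])` on L327 links its probe against `$LIBS` as set at that point, and the surrounding lines only show the `Mmissing_library` bookkeeping (L324), not whether `-lpcap` has been added to `LIBS`; if it has not, the probe fails silently, `HAVE_PCAP_FINDALLDEVS` is never defined, and the new code in src/tcpflow.cpp quietly compiles the older `pcap_lookupdev` path. Using `AC_CHECK_LIB([pcap],[pcap_findalldevs])` names the library explicitly and makes the probe independent of ordering. The libpcap detection block this hunk touches begins before it.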
diff --git a/src/iptree.h b/src/iptree.h
index 6abf25b..5732dbc 100644
--- a/src/iptree.h
+++ b/src/iptree.h
@@ -241,8 +241,8 @@ private:;
         return (addr[i / 8]) & (1<<((7-i)&7));
     }
     /* set the ith bit to 1 */
-    static void setbit(uint8_t *addr,size_t addr, size_t i){
-        if ( i/8 < addr) {
+    static void setbit(uint8_t *addr,size_t addrlen, size_t i){
+        if ( i/8 < addrlen) {
             addr[i / 8] |= (1<<((7-i)&7));
         }
     }
diff --git a/src/tcpflow.cpp b/src/tcpflow.cpp
index d85dff6..004107f 100644
--- a/src/tcpflow.cpp
+++ b/src/tcpflow.cpp
@@ -461,9 +461,19 @@ static int process_infile(tcpdemux &demux,const std::string &expression,const ch
     } else {
 	/* if the user didn't specify a device, try to find a reasonable one */
 	if (device == NULL){
+#ifdef HAVE_PCAP_FINDALLDEVS
+            char errbuf[PCAP_ERRBUF_SIZE];
+            pcap_if_t *alldevs = 0;
+            if (pcap_findalldevs(&alldevs,errbuf)){
+		die("%s", errbuf);
+	    }
+            device=strdup(alldevs[0].name);
+            pcap_freealldevs(alldevs);
+#else
 	    if ((device = pcap_lookupdev(error)) == NULL){
 		die("%s", error);
 	    }
+#endif
 	}
 
 	/* make sure we can open the device */
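Review bot: On the success path of `pcap_findalldevs` (L357–L360) `alldevs` may legitimately be NULL — the libpcap API returns 0 with an empty list when no capture devices are visible — and `alldevs[0].name` on L360 then dereferences a null pointer; add `if (alldevs == NULL) die("no capture devices found");` between the error check and the `strdup`. The `strdup` result is also left unchecked before `pcap_freealldevs` on L361 releases the list it was copied from, so a failed allocation leaves `device` NULL after the block that was meant to fill it. The added lines mix tab and four-space indentation (L355–L361) unlike the tab-indented code around them. `process_infile` begins before this hunk and continues past it.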