From f32c705ed52f2fd3b5fa787cc1a62220aad6ab63 Mon Sep 17 00:00:00 2001 From: Francois-Xavier Le Bail Date: Sat, 10 Oct 2015 13:57:21 +0200 Subject: Add versions sanity checks for pcap and pcap-ng savefiles pcap: Currently only versions 2.[0-4] are supported with the exception of 543.0 for DG/UX tcpdump. Versions < 2.x were already rejected as "archaic". pcap-ng: Currently only SHB version 1.0 is supported. (reference: https://github.com/pcapng/pcapng) --- sf-pcap-ng.c | 9 ++++++--- sf-pcap.c | 17 ++++++++++++++++- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c index 15962a10..9bee799a 100644 --- a/sf-pcap-ng.c +++ b/sf-pcap-ng.c @@ -121,6 +121,7 @@ struct section_header_block { * that means that this code can't read the file. */ #define PCAP_NG_VERSION_MAJOR 1 +#define PCAP_NG_VERSION_MINOR 0 /* * Interface Description Block. @@ -891,10 +892,12 @@ pcap_ng_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf, * XXX - we don't care about the section length. */ } - if (shbp->major_version != PCAP_NG_VERSION_MAJOR) { + /* currently only SHB version 1.0 is supported */ + if (! (shbp->major_version == PCAP_NG_VERSION_MAJOR && + shbp->minor_version == PCAP_NG_VERSION_MINOR)) { snprintf(errbuf, PCAP_ERRBUF_SIZE, - "unknown pcap-ng savefile major version number %u", - shbp->major_version); + "unsupported pcap-ng savefile version %u.%u", + shbp->major_version, shbp->minor_version); goto fail; } p->version_major = shbp->major_version; diff --git a/sf-pcap.c b/sf-pcap.c index 593a30db..c950f778 100644 --- a/sf-pcap.c +++ b/sf-pcap.c @@ -149,7 +149,7 @@ struct pcap_sf { */ pcap_t * pcap_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf, - int *err) + int *err) { struct pcap_file_header hdr; size_t amt_read; @@ -217,6 +217,21 @@ pcap_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf, return (NULL); } + /* + * currently only versions 2.[0-4] are supported with + * the exception of 543.0 for DG/UX tcpdump. + */ + if (! ((hdr.version_major == PCAP_VERSION_MAJOR && + hdr.version_minor <= PCAP_VERSION_MINOR) || + (hdr.version_major == 543 && + hdr.version_minor == 0))) { + snprintf(errbuf, PCAP_ERRBUF_SIZE, + "unsupported pcap savefile version %u.%u", + hdr.version_major, hdr.version_minor); + *err = 1; + return NULL; + } + /* * OK, this is a good pcap file. * Allocate a pcap_t for it. -- cgit v1.2.1