diff options
author | Guy Harris <gharris@steve.local> | 2009-02-26 01:45:39 -0800 |
---|---|---|
committer | Guy Harris <gharris@steve.local> | 2009-02-26 01:45:39 -0800 |
commit | e195fc87a8dc2d60f03f2bd787a8e380f7193287 (patch) | |
tree | 998d20d0b6c643f460348f3bcb9295453be3f2c9 /print-tcp.c | |
parent | 0cd29d29174b83e6e700efbe77624eb1dabb8094 (diff) | |
download | tcpdump-e195fc87a8dc2d60f03f2bd787a8e380f7193287.tar.gz |
Make sure the packet isn't cut short before verifying the MD5 signature.
Indicate why we can't verify the MD5 signature.
Diffstat (limited to 'print-tcp.c')
-rw-r--r-- | print-tcp.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/print-tcp.c b/print-tcp.c index 17c1775e..de007c94 100644 --- a/print-tcp.c +++ b/print-tcp.c @@ -747,10 +747,17 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, u_int8_t nxt; #endif + if (data + length > snapend) { + printf("snaplen too short, "); + return (CANT_CHECK_SIGNATURE); + } + tp1 = *tp; - if (sigsecret == NULL) + if (sigsecret == NULL) { + printf("shared secret not supplied with -M, "); return (CANT_CHECK_SIGNATURE); + } MD5_Init(&ctx); /* @@ -778,8 +785,14 @@ tcp_verify_signature(const struct ip *ip, const struct tcphdr *tp, nxt = IPPROTO_TCP; MD5_Update(&ctx, (char *)&nxt, sizeof(nxt)); #endif - } else + } else { +#ifdef INET6 + printf("IP version not 4 or 6, "); +#else + printf("IP version not 4, "); +#endif return (CANT_CHECK_SIGNATURE); + } /* * Step 2: Update MD5 hash with TCP header, excluding options. |