author | Guy Harris <guy@alum.mit.edu> | 2015-05-09 16:35:45 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-05-09 23:36:11 +0000 |
commit | acf7985f7377806e23d7ec9daa14a3a6886a51c7 (patch) | |
tree | 3c46c8ceb05fc7feee052c138c437f83f5381a53 /epan/dissectors | |
parent | bb89e7724220098e7b7fba5d31daf0d916b2d553 (diff) |
Define the SHA-1 digest length in wsutil/sha1.h and use it.
Hopefully that'll make it a little easier to make sure that we're not
overflowing arrays.
Change-Id: I770df045ef9a45fd486c1271ea424b3334bb39d2
Reviewed-on: https://code.wireshark.org/review/8370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-cms.c | 13 | ||||
-rw-r--r-- | epan/dissectors/packet-corosync-totemnet.c | 29 | ||||
-rw-r--r-- | epan/dissectors/packet-l2tp.c | 9 | ||||
-rw-r--r-- | epan/dissectors/packet-sigcomp.c | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-snmp.c | 8 |
5 files changed, 30 insertions, 33 deletions
diff --git a/epan/dissectors/packet-cms.c b/epan/dissectors/packet-cms.c index 0ccceb1efa..15957d14a0 100644 --- a/epan/dissectors/packet-cms.c +++ b/epan/dissectors/packet-cms.c @@ -258,7 +258,6 @@ static proto_tree *top_tree=NULL; static proto_tree *cap_tree=NULL; #define HASH_SHA1 "1.3.14.3.2.26" -#define SHA1_BUFFER_SIZE 20 #define HASH_MD5 "1.2.840.113549.2.5" #define MD5_BUFFER_SIZE 16 @@ -270,7 +269,7 @@ static proto_tree *cap_tree=NULL; #define HASH_SHA256 "2.16.840.1.101.3.4.2.1" #define SHA256_BUFFER_SIZE 32 -unsigned char digest_buf[MAX(SHA1_BUFFER_SIZE, MD5_BUFFER_SIZE)]; +unsigned char digest_buf[MAX(SHA1_DIGEST_LEN, MD5_BUFFER_SIZE)]; static void cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, const char *alg, tvbuff_t *tvb, int offset) @@ -291,7 +290,7 @@ cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, const char *alg, tvbuff sha1_finish(&sha1_ctx, digest_buf); - buffer_size = SHA1_BUFFER_SIZE; + buffer_size = SHA1_DIGEST_LEN; } else if(strcmp(alg, HASH_MD5) == 0) { @@ -1850,7 +1849,7 @@ static int dissect_RC2CBCParameters_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U /*--- End of included file: packet-cms-fn.c ---*/ -#line 133 "../../asn1/cms/packet-cms-template.c" +#line 132 "../../asn1/cms/packet-cms-template.c" /*--- proto_register_cms ----------------------------------------------*/ void proto_register_cms(void) { @@ -2358,7 +2357,7 @@ void proto_register_cms(void) { NULL, HFILL }}, /*--- End of included file: packet-cms-hfarr.c ---*/ -#line 144 "../../asn1/cms/packet-cms-template.c" +#line 143 "../../asn1/cms/packet-cms-template.c" }; /* List of subtrees */ @@ -2422,7 +2421,7 @@ void proto_register_cms(void) { &ett_cms_SEQUENCE_OF_Attribute, /*--- End of included file: packet-cms-ettarr.c ---*/ -#line 149 "../../asn1/cms/packet-cms-template.c" +#line 148 "../../asn1/cms/packet-cms-template.c" }; /* Register protocol */ 
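Review bot: `digest_buf` in the `@@ -270` hunk is sized as `MAX(SHA1_DIGEST_LEN, MD5_BUFFER_SIZE)`, while `SHA256_BUFFER_SIZE 32` is defined directly above it. The visible part of `cms_verify_msg_digest` only writes SHA-1 and MD5 results into the array, so nothing shown here overflows, but the rest of the function is outside the hunks and a SHA-256 branch would not fit. I would record the constraint next to the declaration, e.g. `/* holds SHA-1 and MD5 digests only; enlarge before adding a longer hash */`. If nothing outside this file refers to the array, it could also be declared `static`.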
@@ -2469,7 +2468,7 @@ void proto_reg_handoff_cms(void) { /*--- End of included file: packet-cms-dis-tab.c ---*/ -#line 172 "../../asn1/cms/packet-cms-template.c" +#line 171 "../../asn1/cms/packet-cms-template.c" oid_add_from_string("id-data","1.2.840.113549.1.7.1"); oid_add_from_string("id-alg-des-ede3-cbc","1.2.840.113549.3.7"); diff --git a/epan/dissectors/packet-corosync-totemnet.c b/epan/dissectors/packet-corosync-totemnet.c index c64ad1d241..d867b72851 100644 --- a/epan/dissectors/packet-corosync-totemnet.c +++ b/epan/dissectors/packet-corosync-totemnet.c @@ -64,7 +64,6 @@ static gchar** corosync_totemnet_private_keys_list = NULL; static gint ett_corosync_totemnet_security_header = -1; -#define HMAC_HASH_SIZE 20 #define SALT_SIZE 16 #define TOTEM_CRYPTO_SOBER 0 @@ -97,10 +96,10 @@ dissect_corosync_totemnet_security_header(tvbuff_t *tvb, proto_tree_add_item(tree, hf_corosync_totemnet_security_header_hash_digest, - tvb, 0, HMAC_HASH_SIZE, ENC_NA); + tvb, 0, SHA1_DIGEST_LEN, ENC_NA); proto_tree_add_item(tree, hf_corosync_totemnet_security_header_salt, - tvb, HMAC_HASH_SIZE, SALT_SIZE, ENC_NA); + tvb, SHA1_DIGEST_LEN, SALT_SIZE, ENC_NA); if (check_crypt_type) { @@ -116,7 +115,7 @@ dissect_corosync_totemnet_security_header(tvbuff_t *tvb, PROTO_ITEM_SET_GENERATED(key_item); } } - return HMAC_HASH_SIZE + SALT_SIZE; + return SHA1_DIGEST_LEN + SALT_SIZE; } /* About totemnet.c of corosync cluster engine: @@ -265,7 +264,7 @@ dissect_corosynec_totemnet_with_decryption(tvbuff_t *tvb, unsigned char *hmac_key = &keys[32]; unsigned char *cipher_key = &keys[16]; unsigned char *initial_vector = &keys[0]; - unsigned char digest_comparison[HMAC_HASH_SIZE]; + unsigned char digest_comparison[SHA1_DIGEST_LEN]; int io_len; guint8 *io_base; 
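Review bot: The key layout in `dissect_corosynec_totemnet_with_decryption` still relies on bare literals: `&keys[32]`, `&keys[16]` and `&keys[0]` in the `@@ -265` hunk, and the key length in `sha1_hmac(hmac_key, 16, ...)` in the later `@@ -319` hunk. Since this change names the digest length to make array bounds easier to check, the same treatment would help here, for example a named constant for the 16-byte HMAC key length used in both places. The declaration of `keys` is outside the hunks, so its size cannot be checked against these offsets from here.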
@@ -277,7 +276,7 @@ dissect_corosynec_totemnet_with_decryption(tvbuff_t *tvb, unsigned char* salt; io_len = tvb_reported_length(tvb) - (check_crypt_type? 1: 0); - if (io_len < HMAC_HASH_SIZE + SALT_SIZE) { + if (io_len < SHA1_DIGEST_LEN + SALT_SIZE) { return 0; } @@ -288,7 +287,7 @@ dissect_corosynec_totemnet_with_decryption(tvbuff_t *tvb, } hash_digest = io_base; - salt = io_base + HMAC_HASH_SIZE; + salt = io_base + SHA1_DIGEST_LEN; memset(private_key, 0, sizeof(private_key)); @@ -319,18 +318,18 @@ dissect_corosynec_totemnet_with_decryption(tvbuff_t *tvb, * Authenticate contents of message */ sha1_hmac(hmac_key, 16, - io_base + HMAC_HASH_SIZE, io_len - HMAC_HASH_SIZE, + io_base + SHA1_DIGEST_LEN, io_len - SHA1_DIGEST_LEN, digest_comparison); - if (memcmp (digest_comparison, hash_digest, HMAC_HASH_SIZE) != 0) + if (memcmp (digest_comparison, hash_digest, SHA1_DIGEST_LEN) != 0) return 0; /* * Decrypt the contents of the message with the cipher key */ - sober128_read (io_base + HMAC_HASH_SIZE + SALT_SIZE, - io_len - (HMAC_HASH_SIZE + SALT_SIZE), + sober128_read (io_base + SHA1_DIGEST_LEN + SALT_SIZE, + io_len - (SHA1_DIGEST_LEN + SALT_SIZE), &stream_prng_state); @@ -352,11 +351,11 @@ dissect_corosynec_totemnet_with_decryption(tvbuff_t *tvb, check_crypt_type, key_for_trial); next_tvb = tvb_new_subset(decrypted_tvb, - HMAC_HASH_SIZE + SALT_SIZE, - io_len - (HMAC_HASH_SIZE + SALT_SIZE), - io_len - (HMAC_HASH_SIZE + SALT_SIZE)); + SHA1_DIGEST_LEN + SALT_SIZE, + io_len - (SHA1_DIGEST_LEN + SALT_SIZE), + io_len - (SHA1_DIGEST_LEN + SALT_SIZE)); - return call_dissector(corosync_totemsrp_handle, next_tvb, pinfo, parent_tree) + HMAC_HASH_SIZE + SALT_SIZE; + return call_dissector(corosync_totemsrp_handle, next_tvb, pinfo, parent_tree) + SHA1_DIGEST_LEN + SALT_SIZE; } } diff --git a/epan/dissectors/packet-l2tp.c b/epan/dissectors/packet-l2tp.c index 8cff05f654..ad66e5c4b7 100644 --- a/epan/dissectors/packet-l2tp.c +++ b/epan/dissectors/packet-l2tp.c 
@@ -782,7 +782,6 @@ static dissector_handle_t l2tp_ip_handle; #define L2TP_HMAC_SHA1 1 #define L2TP_HMAC_MD5_KEY_LEN 16 #define L2TP_HMAC_MD5_DIGEST_LEN 16 -#define L2TP_HMAC_SHA1_DIGEST_LEN 20 typedef struct l2tpv3_conversation { address lcce1; @@ -897,7 +896,7 @@ static void sha1_hmac_digest(l2tpv3_tunnel_t *tunnel, packet_info *pinfo, guint8 digest[20]) { - guint8 zero[L2TP_HMAC_SHA1_DIGEST_LEN]; + guint8 zero[SHA1_DIGEST_LEN]; sha1_hmac_context ms; int remainder; int offset = 0; @@ -921,7 +920,7 @@ static void sha1_hmac_digest(l2tpv3_tunnel_t *tunnel, sha1_hmac_update(&ms, tvb_get_ptr(tvb, 0, idx + 1 - offset), idx + 1 - offset); /* Message digest is calculated with an empty message digest field */ - memset(zero, 0, L2TP_HMAC_SHA1_DIGEST_LEN); + memset(zero, 0, SHA1_DIGEST_LEN); sha1_hmac_update(&ms, zero, avp_len - 1); remainder = length - (idx + avp_len); sha1_hmac_update(&ms, tvb_get_ptr(tvb, idx + avp_len, remainder), remainder); @@ -936,7 +935,7 @@ static int check_control_digest(l2tpv3_tunnel_t *tunnel, int msg_type, packet_info *pinfo) { - guint8 digest[L2TP_HMAC_SHA1_DIGEST_LEN]; + guint8 digest[SHA1_DIGEST_LEN]; if (!tunnel) return 1; @@ -950,7 +949,7 @@ static int check_control_digest(l2tpv3_tunnel_t *tunnel, md5_hmac_digest(tunnel, tvb, length, idx, avp_len, msg_type, pinfo, digest); break; case L2TP_HMAC_SHA1: - if ((avp_len - 1) != L2TP_HMAC_SHA1_DIGEST_LEN) + if ((avp_len - 1) != SHA1_DIGEST_LEN) return -1; sha1_hmac_digest(tunnel, tvb, length, idx, avp_len, msg_type, pinfo, digest); break; diff --git a/epan/dissectors/packet-sigcomp.c b/epan/dissectors/packet-sigcomp.c index 933b0efe4d..2a23dc9a1d 100644 --- a/epan/dissectors/packet-sigcomp.c +++ b/epan/dissectors/packet-sigcomp.c 
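Review bot: The `sha1_hmac_digest` signature in the `@@ -897` hunk still declares `guint8 digest[20]` while the local array right below it now uses the shared constant. Writing the parameter as `guint8 digest[SHA1_DIGEST_LEN]` keeps the callee in step with `guint8 digest[SHA1_DIGEST_LEN];` in `check_control_digest`. The function body continues outside the hunk.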
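Review bot: `sha1_hmac_update(&ms, zero, avp_len - 1);` in the `@@ -921` hunk reads `avp_len - 1` bytes from `zero`, which holds exactly `SHA1_DIGEST_LEN` bytes. The only bound on that length visible here is the `(avp_len - 1) != SHA1_DIGEST_LEN` check in `check_control_digest` (the `@@ -950` hunk), so the read stays in bounds only as long as every caller performs that check first. Passing the constant, `sha1_hmac_update(&ms, zero, SHA1_DIGEST_LEN);`, would make the helper safe on its own. Whether other callers exist is not visible from these hunks.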
@@ -4881,8 +4881,8 @@ dissect_sigcomp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *sigcomp_tr proto_tree_add_item(sigcomp_tree,hf_sigcomp_nack_pc, tvb, offset, 2, ENC_BIG_ENDIAN); offset = offset +2; - proto_tree_add_item(sigcomp_tree,hf_sigcomp_nack_sha1, tvb, offset, 20, ENC_NA); - offset = offset +20; + proto_tree_add_item(sigcomp_tree,hf_sigcomp_nack_sha1, tvb, offset, SHA1_DIGEST_LEN, ENC_NA); + offset = offset +SHA1_DIGEST_LEN; /* Add NACK info to info column */ col_append_fstr(pinfo->cinfo, COL_INFO, " NACK reason=%s, opcode=%s", diff --git a/epan/dissectors/packet-snmp.c b/epan/dissectors/packet-snmp.c index 669acf7cbd..2065b72d03 100644 --- a/epan/dissectors/packet-snmp.c +++ b/epan/dissectors/packet-snmp.c @@ -122,7 +122,7 @@ static void snmp_usm_password_to_key_sha1(const guint8 *password, guint password static snmp_usm_auth_model_t model_md5 = {snmp_usm_password_to_key_md5, snmp_usm_auth_md5, 16}; -static snmp_usm_auth_model_t model_sha1 = {snmp_usm_password_to_key_sha1, snmp_usm_auth_sha1, 20}; +static snmp_usm_auth_model_t model_sha1 = {snmp_usm_password_to_key_sha1, snmp_usm_auth_sha1, SHA1_DIGEST_LEN}; static const value_string auth_types[] = { {0,"MD5"}, @@ -1738,7 +1738,7 @@ snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_a msg[i] = '\0'; } - calc_auth = (guint8*)wmem_alloc(wmem_packet_scope(), 20); + calc_auth = (guint8*)wmem_alloc(wmem_packet_scope(), SHA1_DIGEST_LEN); sha1_hmac(key, key_len, msg, msg_len, calc_auth); @@ -3467,9 +3467,9 @@ snmp_usm_password_to_key_sha1(const guint8 *password, guint passwordlen, /*****************************************************/ sha1_starts(&SH); - sha1_update(&SH, key, 20); + sha1_update(&SH, key, SHA1_DIGEST_LEN); sha1_update(&SH, engineID, engineLength); - sha1_update(&SH, key, 20); + sha1_update(&SH, key, SHA1_DIGEST_LEN); sha1_finish(&SH, key); return; } |
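Review bot: `snmp_usm_password_to_key_sha1` in the `@@ -3467` hunk reads `SHA1_DIGEST_LEN` bytes from `key` and then has `sha1_finish(&SH, key)` write the digest back into it, yet nothing visible states how large the caller's buffer must be. A comment on the function such as `/* key must point to at least SHA1_DIGEST_LEN bytes; it is overwritten with the result */` would document the bound this change is meant to make checkable. In the `@@ -122` hunk `model_md5` still carries a bare `16` next to `SHA1_DIGEST_LEN` in `model_sha1`. The function body starts outside the hunk.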