diff options
author | Guy Harris <guy@alum.mit.edu> | 2003-09-05 04:39:19 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2003-09-05 04:39:19 +0000 |
commit | fd37b02632b2cb36967b8c6d1c8f5982b02e9772 (patch) | |
tree | d993b8819d1c14e03eb2d2add6439200d839401c /packet-stun.c | |
parent | d633bccd2ffd18c208d98d9e9f855c412ff805e7 (diff) |
Make even the non-heuristic STUN dissector reject packets that don't
look like STUN packets.
svn path=/trunk/; revision=8384
Diffstat (limited to 'packet-stun.c')
-rw-r--r-- | packet-stun.c | 107 |
1 files changed, 47 insertions, 60 deletions
diff --git a/packet-stun.c b/packet-stun.c index e252b04c16..198d605b88 100644 --- a/packet-stun.c +++ b/packet-stun.c @@ -2,7 +2,7 @@ * Routines for Simple Traversal of UDP Through NAT dissection * Copyright 2003, Shiang-Ming Huang <smhuang@pcs.csie.nctu.edu.tw> * - * $Id: packet-stun.c,v 1.2 2003/08/18 01:40:16 gerald Exp $ + * $Id: packet-stun.c,v 1.3 2003/09/05 04:39:19 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -134,7 +134,7 @@ static const value_string attributes_family[] = { {0x00, NULL} }; -static void +static int dissect_stun(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -142,15 +142,41 @@ dissect_stun(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_item *ta; proto_tree *stun_tree; proto_tree *att_tree; - - - guint16 message_type; - - guint16 att_type; guint16 att_length; guint16 offset; + /* + * First check if the frame is really meant for us. + */ + + /* First, make sure we have enough data to do the check. */ + if (!tvb_bytes_exist(tvb, 0, STUN_HDR_LEN)) + return 0; + + att_type = tvb_get_ntohs(tvb, 0); + + /* check if message type is correct */ + if( (att_type != BINDING_REQUEST) && + (att_type != BINDING_RESPONSE) && + (att_type != BINDING_ERROR_RESPONSE) && + (att_type != SHARED_SECRET_REQUEST) && + (att_type != SHARED_SECRET_RESPONSE) && + (att_type != SHARED_SECRET_ERROR_RESPONSE) + ) + return 0; + + + att_length = tvb_get_ntohs(tvb, 2); + + /* check if payload enough */ + if (!tvb_bytes_exist(tvb, 0, STUN_HDR_LEN+att_length)) + return 0; + + if(tvb_bytes_exist(tvb, 0, STUN_HDR_LEN+att_length+1)) + return 0; + + /* The message seems to be a valid STUN message! */ if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "STUN"); @@ -158,16 +184,13 @@ dissect_stun(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) { col_clear(pinfo->cinfo, COL_INFO); - message_type = tvb_get_ntohs(tvb, 0); - - col_add_fstr(pinfo->cinfo, COL_INFO, "Message : %s", - (message_type==BINDING_REQUEST)?"Binding Request": - (message_type==BINDING_RESPONSE)?"Binding Response": - (message_type==BINDING_ERROR_RESPONSE)?"Binding Error Response": - (message_type==SHARED_SECRET_REQUEST)?"Shared Secret Request": - (message_type==SHARED_SECRET_RESPONSE)?"Shared Secret Response": - (message_type==SHARED_SECRET_ERROR_RESPONSE)?"Shared Secret Error Response":"UNKNOWN" + (att_type==BINDING_REQUEST)?"Binding Request": + (att_type==BINDING_RESPONSE)?"Binding Response": + (att_type==BINDING_ERROR_RESPONSE)?"Binding Error Response": + (att_type==SHARED_SECRET_REQUEST)?"Shared Secret Request": + (att_type==SHARED_SECRET_RESPONSE)?"Shared Secret Response": + (att_type==SHARED_SECRET_ERROR_RESPONSE)?"Shared Secret Error Response":"UNKNOWN" ); } @@ -264,58 +287,23 @@ dissect_stun(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; default: - return; + return tvb_length(tvb); } } } + return tvb_length(tvb); } static gboolean dissect_stun_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - guint16 type, length; - - /* - * This is a heuristic dissector, which means we get all the - * UDP and TCP traffic not sent to a known dissector and not - * claimed by a heuristic dissector called before us! - * So we first check if the frame is really meant for us. - */ - - /* First, make sure we have enough data to do the check. */ - if (!tvb_bytes_exist(tvb, 0, STUN_HDR_LEN)) - return FALSE; - - type = tvb_get_ntohs(tvb, 0); - - /* check if message type is correct */ - if( (type != BINDING_REQUEST) && - (type != BINDING_RESPONSE) && - (type != BINDING_ERROR_RESPONSE) && - (type != SHARED_SECRET_REQUEST) && - (type != SHARED_SECRET_RESPONSE) && - (type != SHARED_SECRET_ERROR_RESPONSE) - ) - return FALSE; - - - length = tvb_get_ntohs(tvb, 2); - - /* check if payload enough */ - if (!tvb_bytes_exist(tvb, 0, STUN_HDR_LEN+length)) - return FALSE; - - if(tvb_bytes_exist(tvb, 0, STUN_HDR_LEN+length+1)) + if (dissect_stun(tvb, pinfo, tree) == 0) return FALSE; - - /* The message seems to be a valid STUN message! */ - dissect_stun(tvb, pinfo, tree); - - return TRUE; + return TRUE; } @@ -323,8 +311,7 @@ dissect_stun_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) void proto_register_stun(void) -{ - +{ static hf_register_info hf[] = { { &hf_stun_type, { "Message Type", "stun.type", FT_UINT16, @@ -414,10 +401,10 @@ proto_reg_handoff_stun(void) { dissector_handle_t stun_handle; - stun_handle = create_dissector_handle(dissect_stun, proto_stun); + stun_handle = new_create_dissector_handle(dissect_stun, proto_stun); dissector_add("tcp.port", TCP_PORT_STUN, stun_handle); dissector_add("udp.port", UDP_PORT_STUN, stun_handle); - heur_dissector_add( "udp", dissect_stun_heur, proto_stun ); - heur_dissector_add( "tcp", dissect_stun_heur, proto_stun ); + heur_dissector_add("udp", dissect_stun_heur, proto_stun); + heur_dissector_add("tcp", dissect_stun_heur, proto_stun); } |