From: Victor Julien Date: Thu, 10 Dec 2015 08:58:52 +0000 (+0100) Subject: ips/drop-log: fix crash on logging drops X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64017cd29bf77aefed42bb1010f2e4bb1c9cac6c;p=people%2Fms%2Fsuricata.git ips/drop-log: fix crash on logging drops When logging drops for fragmented UDP packets, triggered by detection in the reassembled packet, a missing check could lead to access of the packets UDP header pointer when it was NULL.
---
diff --git a/src/log-droplog.c b/src/log-droplog.c
index 6eafd9d5e..67cbd1b1a 100644
--- a/src/log-droplog.c
+++ b/src/log-droplog.c
@@ -224,30 +224,34 @@ static int LogDropLogNetFilter (ThreadVars *tv, const Packet *p, void *data) switch (proto) { case IPPROTO_TCP: - fprintf(dlt->file_ctx->fp, " SPT=%"PRIu16" DPT=%"PRIu16" " - "SEQ=%"PRIu32" ACK=%"PRIu32" WINDOW=%"PRIu32"", - GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_SEQ(p), - TCP_GET_ACK(p), TCP_GET_WINDOW(p)); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_SYN(p) ? " SYN" : ""); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_ACK(p) ? " ACK" : ""); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_PUSH(p) ? " PSH" : ""); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_RST(p) ? " RST" : ""); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_URG(p) ? " URG" : ""); - fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_FIN(p) ? " FIN" : ""); - fprintf(dlt->file_ctx->fp, " RES=0x%02"PRIu8" URGP=%"PRIu16"", - TCP_GET_RAW_X2(p->tcph), TCP_GET_URG_POINTER(p)); + if (PKT_IS_TCP(p)) { + fprintf(dlt->file_ctx->fp, " SPT=%"PRIu16" DPT=%"PRIu16" " + "SEQ=%"PRIu32" ACK=%"PRIu32" WINDOW=%"PRIu32"", + GET_TCP_SRC_PORT(p), GET_TCP_DST_PORT(p), TCP_GET_SEQ(p), + TCP_GET_ACK(p), TCP_GET_WINDOW(p)); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_SYN(p) ? " SYN" : ""); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_ACK(p) ? " ACK" : ""); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_PUSH(p) ? " PSH" : ""); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_RST(p) ? " RST" : ""); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_URG(p) ? " URG" : ""); + fprintf(dlt->file_ctx->fp, TCP_ISSET_FLAG_FIN(p) ? 
" FIN" : ""); + fprintf(dlt->file_ctx->fp, " RES=0x%02"PRIu8" URGP=%"PRIu16"", + TCP_GET_RAW_X2(p->tcph), TCP_GET_URG_POINTER(p)); + } break; case IPPROTO_UDP: - fprintf(dlt->file_ctx->fp, " SPT=%"PRIu16" DPT=%"PRIu16"" - " LEN=%"PRIu16"", UDP_GET_SRC_PORT(p), - UDP_GET_DST_PORT(p), UDP_GET_LEN(p)); + if (PKT_IS_UDP(p)) { + fprintf(dlt->file_ctx->fp, " SPT=%"PRIu16" DPT=%"PRIu16"" + " LEN=%"PRIu16"", UDP_GET_SRC_PORT(p), + UDP_GET_DST_PORT(p), UDP_GET_LEN(p)); + } break; case IPPROTO_ICMP: if (PKT_IS_ICMPV4(p)) { fprintf(dlt->file_ctx->fp, " TYPE=%"PRIu8" CODE=%"PRIu8"" " ID=%"PRIu16" SEQ=%"PRIu16"", ICMPV4_GET_TYPE(p), ICMPV4_GET_CODE(p), ICMPV4_GET_ID(p), ICMPV4_GET_SEQ(p)); - } else if(PKT_IS_ICMPV6(p)) { + } else if (PKT_IS_ICMPV6(p)) { fprintf(dlt->file_ctx->fp, " TYPE=%"PRIu8" CODE=%"PRIu8"" " ID=%"PRIu16" SEQ=%"PRIu16"", ICMPV6_GET_TYPE(p), ICMPV6_GET_CODE(p), ICMPV6_GET_ID(p), ICMPV6_GET_SEQ(p)); diff --git a/src/output-json-drop.c b/src/output-json-drop.c index c9b01df83..68c14d9b5 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c 
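Review bot: When `PKT_IS_TCP(p)` or `PKT_IS_UDP(p)` is false, the `IPPROTO_TCP` and `IPPROTO_UDP` cases now write nothing, so the drop entry names the protocol but carries no ports or flags and gives no reason; the same applies to the matching guards added to `DropLogJSON` in src/output-json-drop.c. A short comment above each guard would record why it exists, e.g. `/* proto can be TCP/UDP while the L4 header pointer is NULL, e.g. for a reassembled fragment */`. The log format documentation should also say these fields are optional, so that drop-log parsers and alerting rules do not treat such lines as malformed. Separately, the re-indented line `" RES=0x%02"PRIu8" URGP=%"PRIu16""` prints a decimal value after a `0x` prefix; `PRIx8` would make the value match the prefix. The switch sits inside `LogDropLogNetFilter`, whose body starts and ends outside the hunk, so how `proto` is derived is not visible here.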
@@ -114,20 +114,24 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) } switch (proto) { case IPPROTO_TCP: - json_object_set_new(djs, "tcpseq", json_integer(TCP_GET_SEQ(p))); - json_object_set_new(djs, "tcpack", json_integer(TCP_GET_ACK(p))); - json_object_set_new(djs, "tcpwin", json_integer(TCP_GET_WINDOW(p))); - json_object_set_new(djs, "syn", TCP_ISSET_FLAG_SYN(p) ? json_true() : json_false()); - json_object_set_new(djs, "ack", TCP_ISSET_FLAG_ACK(p) ? json_true() : json_false()); - json_object_set_new(djs, "psh", TCP_ISSET_FLAG_PUSH(p) ? json_true() : json_false()); - json_object_set_new(djs, "rst", TCP_ISSET_FLAG_RST(p) ? json_true() : json_false()); - json_object_set_new(djs, "urg", TCP_ISSET_FLAG_URG(p) ? json_true() : json_false()); - json_object_set_new(djs, "fin", TCP_ISSET_FLAG_FIN(p) ? json_true() : json_false()); - json_object_set_new(djs, "tcpres", json_integer(TCP_GET_RAW_X2(p->tcph))); - json_object_set_new(djs, "tcpurgp", json_integer(TCP_GET_URG_POINTER(p))); + if (PKT_IS_TCP(p)) { + json_object_set_new(djs, "tcpseq", json_integer(TCP_GET_SEQ(p))); + json_object_set_new(djs, "tcpack", json_integer(TCP_GET_ACK(p))); + json_object_set_new(djs, "tcpwin", json_integer(TCP_GET_WINDOW(p))); + json_object_set_new(djs, "syn", TCP_ISSET_FLAG_SYN(p) ? json_true() : json_false()); + json_object_set_new(djs, "ack", TCP_ISSET_FLAG_ACK(p) ? json_true() : json_false()); + json_object_set_new(djs, "psh", TCP_ISSET_FLAG_PUSH(p) ? json_true() : json_false()); + json_object_set_new(djs, "rst", TCP_ISSET_FLAG_RST(p) ? json_true() : json_false()); + json_object_set_new(djs, "urg", TCP_ISSET_FLAG_URG(p) ? json_true() : json_false()); + json_object_set_new(djs, "fin", TCP_ISSET_FLAG_FIN(p) ? 
json_true() : json_false()); + json_object_set_new(djs, "tcpres", json_integer(TCP_GET_RAW_X2(p->tcph))); + json_object_set_new(djs, "tcpurgp", json_integer(TCP_GET_URG_POINTER(p))); + } break; case IPPROTO_UDP: - json_object_set_new(djs, "udplen", json_integer(UDP_GET_LEN(p))); + if (PKT_IS_UDP(p)) { + json_object_set_new(djs, "udplen", json_integer(UDP_GET_LEN(p))); + } break; case IPPROTO_ICMP: if (PKT_IS_ICMPV4(p)) {