FW: [PATCH]Possible bug in libnet_build_udp.c in libnet 1.1.2.1and its f

Subject: FW: [PATCH]Possible bug in libnet_build_udp.c in libnet 1.1.2.1and its fix
Date: Mon, 2 May 2005 22:38:07 +0530
Resending ... 

-----Original Message-----
From: Arun Vishwanathan 
Sent: Sunday, April 24, 2005 1:28 AM
To: 'libnet@securityfocus.com'
Subject: [PATCH]Possible bug in libnet_build_udp.c in libnet 1.1.2.1and
its fix


Hi Mike, 

I encountered a possible bug while using the libnet_build_udp function
(libnet-1.1.2.1). I wanted to craft packets to simulate a UDP
datagram being split into multiple IP fragments. 

The following function is called first in my code to build the
first fragment with the UDP header, and the subsequent fragments are
built using libnet_build_ipv4. 

      udp = libnet_build_udp(
           p->sport,                            /* source port */
           p->dport,                            /* destination port */
           LIBNET_UDP_H + totlen,               /* packet length */
           0,                                   /* checksum */
           p->payload,                          /* payload */
           p->length,                           /* payload size */
           l,                                   /* libnet handle */
           udp);                                /* libnet id */
      if (udp == -1) {
           err = libnet_geterror(l);
           retval = ERR_BUILD_UDP;
           goto bad;
      }

In the above function I gave "packet length" as the full UDP datagram
length (unfragmented) and the payload size as the size of the payload in
*this* packet. But this code produced a segfault in the libnet
checksumming function. 

A close look at the code in libnet_build_udp.c revealed the problem. 

Line55:     n = LIBNET_UDP_H + payload_s;  /* size of memory block */
Line56:     h = len;                       /* header length (for cksum) */
Line105:    return (ptag ? ptag : libnet_pblock_update(l, p, h, LIBNET_PBLOCK_UDP_H));

On line 105 "h" is passed to the callee, which is subsequently used for
checksum calculation. But actually it is "n" that should be passed
because checksum should be pa. 

After making this change the segfaults did not occur and my code worked
:)

I have rectified the mistake and created a patch. The patch adds proper
comments to lines 55 and 56 and updates line 105. I hope my thinking is
right. Please let me know in any case. 

Please find attached the patch with this mail.

Regards,
Arun 

-------------------------------------------------------------
"Using encryption on the Internet is the equivalent of arranging
 an armored car to deliver credit-card information from someone 
 living in a cardboard box to someone living on a park bench."
                                         -Gene Spafford   
-------------------------------------------------------------

Attachment: libnet-udp-cksum-fix-arunv.patch
Description: libnet-udp-cksum-fix-arunv.patch
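
The failure described in the message above, as an added example that is not part of the original post and is not libnet code: a checksum pass sized by the UDP length field ("h") reads past a block that holds only one fragment, while a pass sized by the block itself ("n") stays in bounds. The names struct block, overread, block_cksum and first_fragment are hypothetical, and the fragment bytes are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UDP_H 8   /* UDP header size in bytes */
/* Hypothetical stand-in for a packet block: buf holds exactly n bytes. */
struct block { const uint8_t *buf; size_t n; };

/* RFC 1071 one's-complement checksum over exactly len bytes. */
static uint16_t inet_cksum(const uint8_t *d, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)d[i] << 8) | d[i + 1];
    if (len & 1)
        sum += (uint32_t)d[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Bytes read past the block if the pass is sized by the UDP length field ("h"). */
static size_t overread(const struct block *b)
{
    size_t h = b->n < UDP_H ? 0 : ((size_t)b->buf[4] << 8) | b->buf[5];
    return h > b->n ? h - b->n : 0;
}

/* Checksum sized by the block ("n"), -1 if no full header; covers only held bytes. */
static long block_cksum(const struct block *b)
{
    return b->n < UDP_H ? -1 : (long)inet_cksum(b->buf, b->n);
}

/* Constructed sample: first fragment claiming 8+4000 bytes, holding 8+16. */
static const struct block *first_fragment(void)
{
    static uint8_t frag[UDP_H + 16];
    static struct block b = { frag, sizeof frag };
    memset(frag, 0x41, sizeof frag);
    frag[4] = (UDP_H + 4000) >> 8;      /* length field = 4008 */
    frag[5] = (UDP_H + 4000) & 0xff;
    return &b;
}

int main(void)
{
    const struct block *b = first_fragment();
    printf("overread=%zu cksum=0x%04lx\n", overread(b), (unsigned long)block_cksum(b));
}
```

A nonzero overread value is the condition to reject or clamp before any length taken from a header is used to walk a buffer.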
