Merge pull request #46 from wllm-rbnt/leaks

Leaks
This commit is contained in:
Alexandre Dulaunoy 2021-01-21 21:00:55 +01:00 committed by GitHub
commit bc36efa490
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 97 additions and 20 deletions

View file

@ -86,17 +86,22 @@ int network_handler_create(mod,handlerp)
_status=0; _status=0;
abort: abort:
if(_status){ if(_status){
network_handler_destroy(&handler); network_handler_destroy(mod, &handler);
} }
return(_status); return(_status);
} }
int network_handler_destroy(handlerp) int network_handler_destroy(mod,handlerp)
proto_mod *mod;
n_handler **handlerp; n_handler **handlerp;
{ {
n_handler *handler=0;
if(!handlerp || !*handlerp) if(!handlerp || !*handlerp)
return(0); return(0);
handler = *handlerp;
mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);
free(*handlerp); free(*handlerp);
*handlerp=0; *handlerp=0;
return(0); return(0);
@ -121,6 +126,12 @@ int network_process_packet(handler,timestamp,data,length)
p.len=length; p.len=length;
p.ip=(struct ip *)data; p.ip=(struct ip *)data;
if(p.len < 20) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Malformed packet, packet too small to contain IP header, skipping ...\n");
return(0);
}
/*Handle, or rather mishandle, fragmentation*/ /*Handle, or rather mishandle, fragmentation*/
off=ntohs(p.ip->ip_off); off=ntohs(p.ip->ip_off);

View file

@ -75,7 +75,7 @@ typedef struct packet_ packet;
int network_handler_create PROTO_LIST((proto_mod *mod, int network_handler_create PROTO_LIST((proto_mod *mod,
n_handler **handlerp)); n_handler **handlerp));
int network_handler_destroy PROTO_LIST((n_handler **handlerp)); int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp));
int network_process_packet PROTO_LIST((n_handler *handler, int network_process_packet PROTO_LIST((n_handler *handler,
struct timeval *timestamp,UCHAR *data,int length)); struct timeval *timestamp,UCHAR *data,int length));
int packet_copy PROTO_LIST((packet *in,packet **out)); int packet_copy PROTO_LIST((packet *in,packet **out));

View file

@ -127,6 +127,9 @@ int print_version()
} }
pcap_t *p; pcap_t *p;
proto_mod *mod=&ssl_mod;
n_handler *n;
char *interface_name=0;
void sig_handler(int sig) void sig_handler(int sig)
{ {
int freed_conn = 0; int freed_conn = 0;
@ -138,8 +141,13 @@ void sig_handler(int sig)
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON)) if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn); printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
network_handler_destroy(mod, &n);
if(p) if(p)
pcap_close(p); pcap_close(p);
if(interface_name)
free(interface_name);
exit(0); exit(0);
} }
@ -168,6 +176,12 @@ void pcap_cb(ptr,hdr,data)
len-=4; len-=4;
break; break;
case DLT_EN10MB: case DLT_EN10MB:
if(len < sizeof(struct ether_header)) {
if(!(NET_print_flags & NET_PRINT_JSON))
printf("Frame size too small to contain Ethernet header, skipping ...\n");
return;
}
type=ntohs(e_hdr->ether_type); type=ntohs(e_hdr->ether_type);
data+=sizeof(struct ether_header); data+=sizeof(struct ether_header);
@ -287,7 +301,6 @@ int main(argc,argv)
char **argv; char **argv;
{ {
int r; int r;
n_handler *n;
#ifdef _WIN32 #ifdef _WIN32
__declspec(dllimport) char *optarg; __declspec(dllimport) char *optarg;
__declspec(dllimport) int optind; __declspec(dllimport) int optind;
@ -296,10 +309,8 @@ int main(argc,argv)
extern int optind; extern int optind;
#endif #endif
pcap_if_t *interfaces; pcap_if_t *interfaces;
char *interface_name=0;
char *file=0; char *file=0;
char *filter=0; char *filter=0;
proto_mod *mod=&ssl_mod;
bpf_u_int32 localnet,netmask; bpf_u_int32 localnet,netmask;
int c; int c;
module_def *m=0; module_def *m=0;
@ -493,6 +504,7 @@ int main(argc,argv)
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON)) if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn); printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
network_handler_destroy(mod, &n);
pcap_close(p); pcap_close(p);
free(n); free(n);

View file

@ -62,6 +62,7 @@ struct proto_mod_vtbl_ {
proto_obj **objp, proto_obj **objp,
struct in_addr *i_addr,u_short i_port, struct in_addr *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); struct in_addr *r_addr,u_short r_port,struct timeval *time_base));
int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp));
int (*destroy) PROTO_LIST((proto_obj **objp)); int (*destroy) PROTO_LIST((proto_obj **objp));
int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction)); int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction));
int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction)); int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction));

View file

@ -241,8 +241,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
l=p->len - p->tcp->th_off * 4; l=p->len - p->tcp->th_off * 4;
if(l < 0) { if(l < 0) {
if(!(NET_print_flags & NET_PRINT_JSON)) fprintf(stderr,"Malformed packet, computed TCP segment size is negative, skipping ...\n");
printf("Malformed packet, computed TCP segment size is negative, skipping ...\n");
return(0); return(0);
} }

View file

@ -121,6 +121,9 @@ int r_assoc_destroy(assocp)
for(i=0;i<assoc->size;i++) for(i=0;i<assoc->size;i++)
destroy_assoc_chain(assoc->chains[i]); destroy_assoc_chain(assoc->chains[i]);
free(assoc->chains);
free(assoc);
return(0); return(0);
} }

View file

@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script. # Process this file with autoconf to produce a configure script.
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_INIT([ssldump], [1.1]) AC_INIT([ssldump], [1.3])
AM_INIT_AUTOMAKE([subdir-objects]) AM_INIT_AUTOMAKE([subdir-objects])
AC_CONFIG_SRCDIR([base/pcap-snoop.c]) AC_CONFIG_SRCDIR([base/pcap-snoop.c])
AC_CONFIG_HEADERS([config.h]) AC_CONFIG_HEADERS([config.h])

View file

@ -2969,6 +2969,7 @@ static int decode_server_name_type_host_name(ssl,dir,seg,data)
if (server_name != NULL) if (server_name != NULL)
{ {
if (ssl->server_name) free(ssl->server_name); if (ssl->server_name) free(ssl->server_name);
if (l > data->len) l = data->len;
memcpy(server_name,data->data,l); memcpy(server_name,data->data,l);
ssl->server_name = server_name; ssl->server_name = server_name;
} }

View file

@ -61,6 +61,7 @@ static int create_ssl_analyzer PROTO_LIST((void *handle,
proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp,
struct in_addr *i_addr,u_short i_port, struct in_addr *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp));
static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp)); static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp));
static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg,
int offset,segment **lastp,int *offsetp)); int offset,segment **lastp,int *offsetp));
@ -228,6 +229,16 @@ static int create_ssl_ctx(handle,ctxp)
return(_status); return(_status);
} }
static int destroy_ssl_ctx(handle,ctxp)
void *handle;
proto_ctx **ctxp;
{
ssl_decode_ctx *ctx=0;
ctx=(ssl_decode_ctx *) *ctxp;
ssl_decode_ctx_destroy(&ctx);
return 0;
}
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
u_short r_port, struct timeval *base_time) u_short r_port, struct timeval *base_time)
@ -635,6 +646,7 @@ static struct proto_mod_vtbl_ ssl_vtbl ={
parse_ssl_flag, parse_ssl_flag,
create_ssl_ctx, create_ssl_ctx,
create_ssl_analyzer, create_ssl_analyzer,
destroy_ssl_ctx,
destroy_ssl_analyzer, destroy_ssl_analyzer,
data_ssl_analyzer, data_ssl_analyzer,
close_ssl_analyzer, close_ssl_analyzer,

View file

@ -191,6 +191,25 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
#endif #endif
} }
int ssl_decode_ctx_destroy(dp)
ssl_decode_ctx **dp;
{
#ifdef OPENSSL
ssl_decode_ctx *d = *dp;
if(d->ssl_key_log_file) {
fclose(d->ssl_key_log_file);
}
r_assoc *x = d->session_cache;
r_assoc_destroy(&d->session_cache);
SSL_CTX_free(d->ssl_ctx);
SSL_free(d->ssl);
free(d);
#endif
return(0);
}
int ssl_decoder_create(dp,ctx) int ssl_decoder_create(dp,ctx)
ssl_decoder **dp; ssl_decoder **dp;
ssl_decode_ctx *ctx; ssl_decode_ctx *ctx;

View file

@ -52,6 +52,7 @@
int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx,
char *keyfile,char *password,char *keylogfile)); char *keyfile,char *password,char *keylogfile));
int ssl_decode_ctx_destroy(ssl_decode_ctx **dp);
int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp)); int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp));
int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx)); int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx));
int ssl_set_client_random PROTO_LIST((ssl_decoder *dp, int ssl_set_client_random PROTO_LIST((ssl_decoder *dp,

View file

@ -95,6 +95,7 @@ int process_v2_hello(ssl,seg)
{ {
int r; int r;
int rec_len; int rec_len;
int _status;
UINT4 cs_len; UINT4 cs_len;
UINT4 sid_len; UINT4 sid_len;
UINT4 chall_len; UINT4 chall_len;
@ -104,36 +105,39 @@ int process_v2_hello(ssl,seg)
UCHAR random[32]; UCHAR random[32];
if(seg->len==0) if(seg->len==0)
return(SSL_NO_DATA); ABORT(SSL_NO_DATA);
d.data=seg->data; d.data=seg->data;
d.len=seg->len; d.len=seg->len;
/* First check the message length. */ /* First check the message length. */
if(d.len<4) if(d.len<4)
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]); rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]);
d.data+=2; d.len-=2; d.data+=2; d.len-=2;
if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/ if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
/* If msg_type==1 then we've got a v2 message (or trash)*/ /* If msg_type==1 then we've got a v2 message (or trash)*/
if(*d.data++!=1) if(*d.data++!=1)
return(SSL_BAD_CONTENT_TYPE); ABORT(SSL_BAD_CONTENT_TYPE);
d.len--; d.len--;
SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver); SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver);
/* We can't handle real v2 clients*/ /* We can't handle real v2 clients*/
if(ver<=2){ if(ver<=2){
explain(ssl,"Version 2 Client.\n"); explain(ssl,"Version 2 Client.\n");
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
ssl->cur_json_st = json_object_new_object();
ssl_print_record_num(ssl); ssl_print_record_num(ssl);
ssl_print_timestamp(ssl,&seg->p->ts); ssl_print_timestamp(ssl,&seg->p->ts);
ssl_print_direction_indicator(ssl,DIR_I2R); ssl_print_direction_indicator(ssl,DIR_I2R);
explain(ssl," SSLv2 compatible client hello\n"); explain(ssl," SSLv2 compatible client hello\n");
json_object_object_add(ssl->cur_json_st, "msg_type", json_object_new_string("Handshake"));
json_object_object_add(ssl->cur_json_st, "handshake_type", json_object_new_string("ClientHello_v2_compat"));
INDENT_INCR; INDENT_INCR;
@ -148,7 +152,7 @@ int process_v2_hello(ssl,seg)
if(cs_len%3){ if(cs_len%3){
fprintf(stderr,"Bad cipher spec length %d\n",cs_len); fprintf(stderr,"Bad cipher spec length %d\n",cs_len);
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
P_(P_HL){ P_(P_HL){
explain(ssl,"cipher suites\n"); explain(ssl,"cipher suites\n");
@ -166,12 +170,12 @@ int process_v2_hello(ssl,seg)
if(sid_len!=0){ if(sid_len!=0){
fprintf(stderr,"Session ID field should be zero length\n"); fprintf(stderr,"Session ID field should be zero length\n");
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
if(chall_len<16 || chall_len>32){ if(chall_len<16 || chall_len>32){
fprintf(stderr,"Invalid challenge length %d\n",chall_len); fprintf(stderr,"Invalid challenge length %d\n",chall_len);
return(SSL_BAD_DATA); ABORT(SSL_BAD_DATA);
} }
SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len, SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len,
@ -195,7 +199,18 @@ int process_v2_hello(ssl,seg)
} }
INDENT_POP; INDENT_POP;
return(0);
_status=0;
abort:
if(ssl->cur_json_st) {
if(SSL_print_flags & SSL_PRINT_JSON)
printf("%s\n", json_object_to_json_string(ssl->cur_json_st));
json_object_put(ssl->cur_json_st);
ssl->cur_json_st = NULL;
}
return(_status);
} }
int ssl_decode_switch(ssl,dtable,value,dir,seg,data) int ssl_decode_switch(ssl,dtable,value,dir,seg,data)
@ -276,7 +291,10 @@ int ssl_expand_record(ssl,q,direction,data,len)
printf(" unknown record type: %d\n", ct); printf(" unknown record type: %d\n", ct);
ERETURN(r); ERETURN(r);
} }
ssl_get_enum_str(ssl,enumstr,ContentType_decoder,ct); if((r=ssl_get_enum_str(ssl,enumstr,ContentType_decoder,ct))) {
strncpy(enumstr, "Unknown", 20);
}
json_object_object_add(jobj, "msg_type", json_object_new_string(enumstr)); json_object_object_add(jobj, "msg_type", json_object_new_string(enumstr));
if(!(SSL_print_flags & SSL_PRINT_JSON)) if(!(SSL_print_flags & SSL_PRINT_JSON))