baigubulu
diff --git a/‎src/tcpedit/plugins/dlt_en10mb/en10mb.c
Lines changed: 12 additions & 5 deletions b/‎src/tcpedit/plugins/dlt_en10mb/en10mb.c
Lines changed: 12 additions & 5 deletions
diff --git a/‎src/tcpedit/plugins/dlt_hdlc/hdlc.c
Lines changed: 19 additions & 7 deletions b/‎src/tcpedit/plugins/dlt_hdlc/hdlc.c
Lines changed: 19 additions & 7 deletions
diff --git a/‎src/tcpedit/plugins/dlt_ieee80211/ieee80211.c
Lines changed: 26 additions & 12 deletions b/‎src/tcpedit/plugins/dlt_ieee80211/ieee80211.c
Lines changed: 26 additions & 12 deletions
diff --git a/‎src/tcpedit/plugins/dlt_ieee80211/ieee80211_hdr.c
Lines changed: 3 additions & 1 deletion b/‎src/tcpedit/plugins/dlt_ieee80211/ieee80211_hdr.c
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
Lines changed: 22 additions & 7 deletions b/‎src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c
Lines changed: 22 additions & 7 deletions
@@ -275,7 +275,8 @@ dlt_en10mb_decode(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen >= 14);
+    if (pktlen < 14)
+        return TCPEDIT_ERROR;
 
     /* get our src & dst address */
     eth = (struct tcpr_ethernet_hdr *)packet;
@@ -499,7 +500,8 @@ dlt_en10mb_proto(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+    if (pktlen < (int) sizeof(*eth))
+        return TCPEDIT_ERROR;
 
     eth = (struct tcpr_ethernet_hdr *)packet;
     switch (ntohs(eth->ether_type)) {
@@ -524,9 +526,12 @@ dlt_en10mb_get_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen)
     int l2len;
     assert(ctx);
     assert(packet);
-    assert(pktlen);
 
     l2len = dlt_en10mb_l2len(ctx, packet, pktlen);
+
+    if (pktlen < l2len)
+        return NULL;
+
     return tcpedit_dlt_l3data_copy(ctx, packet, pktlen, l2len);
 }
 
@@ -546,7 +551,8 @@ dlt_en10mb_merge_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen, u_c
 
     l2len = dlt_en10mb_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_merge(ctx, packet, pktlen, l3data, l2len);
 }
@@ -560,7 +566,8 @@ dlt_en10mb_get_mac(tcpeditdlt_t *ctx, tcpeditdlt_mac_type_t mac, const u_char *p
 {
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+    if (pktlen < 14)
+        return NULL;
 
     /* FIXME: return a ptr to the source or dest mac address. */
     switch(mac) {
 
@@ -190,7 +190,9 @@ dlt_hdlc_decode(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
     hdlc_extra_t *extra;
     assert(ctx);
     assert(packet);
-    assert(pktlen >= 4);
+
+    if (pktlen < 4)
+        return TCPEDIT_ERROR;
 
     extra = (hdlc_extra_t *)ctx->decoded_extra;
     hdlc = (cisco_hdlc_t *)packet;
@@ -219,9 +221,11 @@ dlt_hdlc_encode(tcpeditdlt_t *ctx, u_char *packet, int pktlen, _U_ tcpr_dir_t di
     int newpktlen;
 
     assert(ctx);
-    assert(pktlen >= 4);
     assert(packet);
 
+    if (pktlen < 4)
+        return TCPEDIT_ERROR;
+
     /* Make room for our new l2 header if old l2len != 4 */
     if (ctx->l2len > 4) {
         memmove(packet + 4, packet + ctx->l2len, pktlen - ctx->l2len);
@@ -277,7 +281,9 @@ dlt_hdlc_proto(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
     cisco_hdlc_t *hdlc;
     assert(ctx);
     assert(packet);
-    assert(pktlen >= 4);
+
+    if (pktlen < 4)
+        return TCPEDIT_ERROR;
 
     hdlc = (cisco_hdlc_t *)packet;
 
@@ -297,7 +303,8 @@ dlt_hdlc_get_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen)
     /* FIXME: Is there anything else we need to do?? */
     l2len = dlt_hdlc_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_copy(ctx, packet, pktlen, l2len);
 }
@@ -319,7 +326,8 @@ dlt_hdlc_merge_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen, u_cha
     /* FIXME: Is there anything else we need to do?? */
     l2len = dlt_hdlc_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_merge(ctx, packet, pktlen, l3data, l2len);
 }
@@ -332,7 +340,9 @@ dlt_hdlc_l2len(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 {
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+
+    if (pktlen < 4)
+        return 0;
 
     /* HDLC is a static 4 bytes */
     return 4;
@@ -347,7 +357,9 @@ dlt_hdlc_get_mac(tcpeditdlt_t *ctx, tcpeditdlt_mac_type_t mac, const u_char *pac
 {
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+
+    if (pktlen < 14)
+        return NULL;
 
     /* FIXME: return a ptr to the source or dest mac address. */
     switch(mac) {
 
@@ -179,9 +179,15 @@ dlt_ieee80211_parse_opts(tcpeditdlt_t *ctx)
 int 
 dlt_ieee80211_decode(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 {
+    int l2len;
+
     assert(ctx);
     assert(packet);
-    assert(pktlen >= dlt_ieee80211_l2len(ctx, packet, pktlen));
+
+    l2len = dlt_ieee80211_l2len(ctx, packet, pktlen);
+
+    if (pktlen < l2len)
+        return TCPEDIT_ERROR;
 
     dbgx(3, "Decoding 802.11 packet " COUNTER_SPEC, ctx->tcpedit->runtime.packetnum);
     if (! ieee80211_is_data(ctx, packet, pktlen)) {
@@ -196,7 +202,7 @@ dlt_ieee80211_decode(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
         return TCPEDIT_SOFT_ERROR;
     }
 
-    ctx->l2len = dlt_ieee80211_l2len(ctx, packet, pktlen);
+    ctx->l2len = l2len;
     memcpy(&(ctx->srcaddr), ieee80211_get_src((ieee80211_hdr_t *)packet), ETHER_ADDR_LEN);
     memcpy(&(ctx->dstaddr), ieee80211_get_dst((ieee80211_hdr_t *)packet), ETHER_ADDR_LEN);
     ctx->proto = dlt_ieee80211_proto(ctx, packet, pktlen);
@@ -212,7 +218,6 @@ int
 dlt_ieee80211_encode(tcpeditdlt_t *ctx, u_char *packet, int pktlen, _U_ tcpr_dir_t dir)
 {
     assert(ctx);
-    assert(pktlen);
     assert(packet);
 
     tcpedit_seterr(ctx->tcpedit, "%s", "DLT_IEEE802_11 plugin does not support packet encoding");
@@ -234,7 +239,8 @@ dlt_ieee80211_proto(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
     assert(packet);
 
     l2len = dlt_ieee80211_l2len(ctx, packet, pktlen);
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return TCPEDIT_ERROR;
 
     /* check 802.11 frame control field */
     frame_control = (uint16_t *)packet;
@@ -281,9 +287,11 @@ dlt_ieee80211_get_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen)
 
     l2len = dlt_ieee80211_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
+
     dbgx(1, "Getting data for packet " COUNTER_SPEC " from offset: %d", ctx->tcpedit->runtime.packetnum, l2len);
-    
+
     return tcpedit_dlt_l3data_copy(ctx, packet, pktlen, l2len);
 }
 
@@ -301,10 +309,10 @@ dlt_ieee80211_merge_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen,
     assert(packet);
     assert(l3data);
 
-    
     l2len = dlt_ieee80211_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_merge(ctx, packet, pktlen, l3data, l2len);
 }
@@ -323,14 +331,15 @@ dlt_ieee80211_l2len(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen);
-    
+
+    if (pktlen < (int)sizeof(uint16_t))
+        return 0;
+
     dbgx(2, "packet = %p\t\tplen = %d", packet, pktlen);
 
     frame_control = (uint16_t *)packet;
     fc = ntohs(*frame_control);
 
-    
     if (ieee80211_USE_4(fc)) {
         hdrlen = sizeof(ieee80211_addr4_hdr_t);
     } else {
@@ -356,6 +365,9 @@ dlt_ieee80211_l2len(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
             dbgx(2, "total header length (802.11 + 802.2): %d (%02x/%02x)", hdrlen, hdr->snap_dsap, hdr->snap_ssap);
         }
     }
+
+    if (pktlen < hdrlen)
+        return 0;
 
     dbgx(2, "header length: %d", hdrlen);
     return hdrlen;
@@ -370,8 +382,10 @@ dlt_ieee80211_get_mac(tcpeditdlt_t *ctx, tcpeditdlt_mac_type_t mac, const u_char
 {
     assert(ctx);
     assert(packet);
-    assert(pktlen);
     u_char *macaddr;
+
+    if (pktlen < 14)
+        return NULL;
 
     switch(mac) {
     case SRC_MAC:
 
@@ -121,7 +121,9 @@ ieee80211_is_encrypted(tcpeditdlt_t *ctx, const void *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen >= (int)sizeof(ieee80211_hdr_t));
+
+    if (pktlen < (int)sizeof(ieee80211_hdr_t))
+        return 0;
 
     frame_control = (uint16_t *)packet;
     fc = ntohs(*frame_control);
 
@@ -214,7 +214,10 @@ dlt_jnpr_ether_decode(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen > JUNIPER_ETHER_HEADER_LEN); /* MAGIC + Static fields + Extension Length */
+
+    /* MAGIC + Static fields + Extension Length */
+    if (pktlen < JUNIPER_ETHER_HEADER_LEN)
+        return TCPEDIT_ERROR;
 
     config = (jnpr_ether_config_t *)ctx->encoder->config;
 
@@ -272,8 +275,11 @@ int
 dlt_jnpr_ether_encode(tcpeditdlt_t *ctx, u_char *packet, int pktlen, _U_ tcpr_dir_t dir)
 {
     assert(ctx);
-    assert(pktlen > JUNIPER_ETHER_HEADER_LEN); /* MAGIC + Static fields + Extension Length */
     assert(packet);
+
+    /* MAGIC + Static fields + Extension Length */
+    if (pktlen < JUNIPER_ETHER_HEADER_LEN)
+        return TCPEDIT_ERROR;
 
     tcpedit_seterr(ctx->tcpedit, "%s", "DLT_JUNIPER_ETHER plugin does not support packet encoding");
     return TCPEDIT_ERROR;
@@ -292,7 +298,10 @@ dlt_jnpr_ether_proto(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen > JUNIPER_ETHER_HEADER_LEN); /* MAGIC + Static fields + Extension Length */
+
+    /* MAGIC + Static fields + Extension Length */
+    if (pktlen < JUNIPER_ETHER_HEADER_LEN)
+        return TCPEDIT_ERROR;
 
     config = (jnpr_ether_config_t *)ctx->encoder->config;
 
@@ -335,7 +344,8 @@ dlt_jnpr_ether_get_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen)
 
     l2len = dlt_jnpr_ether_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_copy(ctx, packet, pktlen, l2len);
 }
@@ -356,7 +366,8 @@ dlt_jnpr_ether_merge_layer3(tcpeditdlt_t *ctx, u_char *packet, const int pktlen,
 
     l2len = dlt_jnpr_ether_l2len(ctx, packet, pktlen);
 
-    assert(pktlen >= l2len);
+    if (pktlen < l2len)
+        return NULL;
 
     return tcpedit_dlt_l3data_merge(ctx, packet, pktlen, l3data, l2len);
 }
@@ -374,7 +385,9 @@ dlt_jnpr_ether_get_mac(tcpeditdlt_t *ctx, tcpeditdlt_mac_type_t mac, const u_cha
 
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+
+    if (pktlen < JUNIPER_ETHER_EXTLEN_OFFSET + 2)
+        return NULL;
 
     config = (jnpr_ether_config_t *)ctx->encoder->config;
 
@@ -399,7 +412,9 @@ dlt_jnpr_ether_l2len(tcpeditdlt_t *ctx, const u_char *packet, const int pktlen)
 
     assert(ctx);
     assert(packet);
-    assert(pktlen);
+
+    if (pktlen < JUNIPER_ETHER_EXTLEN_OFFSET + 2)
+        return 0;
 
     config = (jnpr_ether_config_t *)ctx->encoder->config;