Bug appneta#451 Handle sequence overflows properly (appneta#515)

* Bug appneta#451 Handle sequence overflows properly Must convert to CPU order before sequence number math. Otherwise overflows result in corrupt sequence numbers. Also change to internal random number generator so that big-endian and little-endian seeding is identical. * Bug appneta#451 test signature file updates
baigubulu · Oct 25, 2018 · b0aaf9b · b0aaf9b
1 parent 9b46677
commit b0aaf9b
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/src/tcpedit/rewrite_sequence.c b/src/tcpedit/rewrite_sequence.c
@@ -48,17 +48,17 @@ rewrite_seqs(tcpedit_t *tcpedit, tcp_hdr_t *tcp_hdr)
     uint32_t newnum;
 
     while (tcpedit->rewrite_sequence == 1)
-        tcpedit->rewrite_sequence = rand() * (4294967296 / RAND_MAX);
+        tcpedit->rewrite_sequence = tcpr_random(&tcpedit->rewrite_sequence);
 
-    newnum = tcp_hdr->th_seq + tcpedit->rewrite_sequence;
-    csum_replace4(&tcp_hdr->th_sum, tcp_hdr->th_seq, newnum);
-    tcp_hdr->th_seq = newnum;
+    newnum = ntohl(tcp_hdr->th_seq) + tcpedit->rewrite_sequence;
+    csum_replace4(&tcp_hdr->th_sum, tcp_hdr->th_seq, htonl(newnum));
+    tcp_hdr->th_seq = htonl(newnum);
 
     /* first packet of 3-way handshake must have an ACK of zero - #450 */
     if (!((tcp_hdr->th_flags & TH_SYN) && !(tcp_hdr->th_flags & TH_ACK))) {
-        newnum = tcp_hdr->th_ack + tcpedit->rewrite_sequence;
-        csum_replace4(&tcp_hdr->th_sum, tcp_hdr->th_ack, newnum);
-        tcp_hdr->th_ack = newnum;
+        newnum = ntohl(tcp_hdr->th_ack) + tcpedit->rewrite_sequence;
+        csum_replace4(&tcp_hdr->th_sum, tcp_hdr->th_ack, htonl(newnum));
+        tcp_hdr->th_ack = htonl(newnum);
     }
 
     return 0;

diff --git a/test/Makefile.am b/test/Makefile.am
@@ -374,7 +374,7 @@ if WORDS_BIGENDIAN
 else
 	diff $(srcdir)/test2.$@ test.$@1 >> test.log 2>&1
 endif
-	if [ $? ] ; then $(PRINTF) "\t\t\t%s\n" "FAILED"; else $(PRINTF) "\t\t\t%s\n" "OK"; fi
+	if [ $? ] ; then $(PRINTF) "\t\t\t%s\n" "FAILED"; else $(PRINTF) "\t\t%s\n" "OK"; fi
 
 rewrite_endpoint:
 	$(PRINTF) "%s" "[tcprewrite] Endpoint test: "

diff --git a/test/test.rewrite_sequence b/test/test.rewrite_sequence
diff --git a/test/test2.rewrite_sequence b/test/test2.rewrite_sequence