Skip to content

Commit

Permalink
Fix filling msghdr for sendmsg (#977)
Browse files Browse the repository at this point in the history 
* Fix filling msghdr for sendmsg

* Split nasl_dump_frame

* Change log messages from debug to message level
  • Loading branch information
@jjnicola
jjnicola authored Dec 1, 2021
1 parent c92b753 commit fa10a24
Showing 1 changed file with 44 additions and 27 deletions.
71 changes: 44 additions & 27 deletions nasl/nasl_frame_forgery.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,28 @@ struct pseudo_frame
u_char *payload;
} __attribute__ ((packed));

/** @brief Dump a datalink layer frame
*
* @param frame The frame to be dumped.
* @param frame_sz The frame's size.
*
*/
static void
dump_frame (const u_char *frame, int frame_sz)
{
int f = 0;

printf ("\nThe Frame:\n");
while (f < frame_sz)
{
printf ("%02x%02x ", ((u_char *) frame)[f], ((u_char *) frame)[f + 1]);
f += 2;
if (f % 16 == 0)
printf ("\n");
}
printf ("\n\n");
}

/** @brief Prepare message header to be sent with sendmsg().
*
* @param[out] soc_addr_ll The sockaddr_ll structure to be prepared
Expand All @@ -86,25 +108,32 @@ prepare_sockaddr_ll (struct sockaddr_ll *soc_addr_ll, int ifindex,

/** @brief Prepare message header to be sent with sendmsg().
*
* @param[out] message The packaged messages to be sent
* @param[out] msg The packaged messages to be sent
* @param[in] soc_addr_ll The sockaddr_ll structure for capturing
* @param[in] payload The payload, a datalink layer frame with payload
* @param[in] payload_sz The payload size.
*/
static void
prepare_message (struct msghdr *message, struct sockaddr_ll *soc_addr_ll,
u_char *payload, int payload_sz)
prepare_message (u_char *msg, struct sockaddr_ll *soc_addr_ll, u_char *payload,
int payload_sz)
{
struct iovec iov[1];
iov[0].iov_base = payload;
iov[0].iov_len = payload_sz;
struct iovec iov;
struct msghdr *message;

iov.iov_base = payload;
iov.iov_len = payload_sz;

message = g_malloc0 (sizeof (struct msghdr) + payload_sz);

message->msg_name = soc_addr_ll;
message->msg_namelen = sizeof (struct sockaddr_ll);
message->msg_iov = iov;
message->msg_iov = &iov;
message->msg_iovlen = 1;
message->msg_control = 0;
message->msg_controllen = 0;

memcpy (msg, (u_char *) message, sizeof (struct msghdr) + payload_sz);
g_free (message);
}

/** @brief Send a frame and listen to the answer
Expand All @@ -127,7 +156,7 @@ send_frame (const u_char *frame, int frame_sz, int use_pcap, int timeout,
char *filter, struct in6_addr *ipaddr, u_char **answer)
{
int soc;
struct msghdr message;
u_char *message;
int ifindex;
int bpf = -1;
int frame_and_payload = 0;
Expand All @@ -144,7 +173,7 @@ send_frame (const u_char *frame, int frame_sz, int use_pcap, int timeout,
// We will need the eth index. We get it depending on the target's IP..
if (get_iface_index (ipaddr, &ifindex) < 0)
{
g_debug ("%s: Missing interface index\n", __func__);
g_message ("%s: Missing interface index\n", __func__);
return -1;
}

Expand Down Expand Up @@ -176,13 +205,14 @@ send_frame (const u_char *frame, int frame_sz, int use_pcap, int timeout,
}

// Prepare the message and send it
memset (&message, '\0', sizeof (struct msghdr));
prepare_message (&message, &soc_addr, (u_char *) frame, frame_sz);
message = g_malloc0 (sizeof (struct msghdr) + frame_sz);
prepare_message (message, &soc_addr, (u_char *) frame, frame_sz);

int b = sendmsg (soc, &message, 0);
int b = sendmsg (soc, (struct msghdr *) message, 0);
g_free (message);
if (b == -1)
{
g_debug ("%s: Error sending message: %s", __func__, strerror (errno));
g_message ("%s: Error sending message: %s", __func__, strerror (errno));
return -2;
}
if (bpf >= 0)
Expand Down Expand Up @@ -348,7 +378,6 @@ nasl_dump_frame (lex_ctxt *lexic)
{
u_char *frame = (u_char *) get_str_var_by_name (lexic, "frame");
int frame_sz = get_var_size_by_name (lexic, "frame");
int f = 0;

if (frame == NULL || frame_sz <= 0)
{
Expand All @@ -357,19 +386,7 @@ nasl_dump_frame (lex_ctxt *lexic)
return NULL;
}

if (frame_sz == 0)
return NULL;

printf ("\nThe Frame:\n");
while (f < frame_sz)
{
printf ("%02x%02x ", ((u_char *) frame)[f], ((u_char *) frame)[f + 1]);
f += 2;
if (f % 16 == 0)
printf ("\n");
}
printf ("\n\n");

dump_frame (frame, frame_sz);
return NULL;
}

Expand Down

0 comments on commit fa10a24

Please sign in to comment.