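/**
 * Decode one ASN.1 integer-like element (tag, length, big-endian content)
 * from a packet buffer that must be treated as untrusted.
 *
 * Tags 0x02 (INTEGER), 0x0a (ENUMERATED) and 0x01 (BOOLEAN) are expected.
 * Any other tag is reported through FRAMERR_BADVAL, but decoding still
 * continues with whatever length follows.
 *
 * @param frame     frame context passed to the error-reporting macros
 * @param px        start of the buffer being parsed
 * @param length    number of valid bytes at px
 * @param r_offset  in/out cursor into px; advanced past the element on
 *                  success, set to length on any error
 * @return the decoded value, or 0xFFFFffff when the element is truncated or
 *         its length could not be decoded
 *
 * NOTE(review): 0xFFFFffff is also a legitimate four-byte content value, so
 * callers cannot tell it apart from the error sentinel by value alone.
 * Content longer than sizeof(unsigned) bytes wraps silently.
 */
unsigned
asn1_integer(struct NetFrame *frame, const unsigned char *px, unsigned length, unsigned *r_offset)
{
    unsigned int_length;
    unsigned result;
    unsigned tag;

    /* The tag byte itself must lie inside the buffer before it is read. */
    if (*r_offset >= length) {
        FRAMERR(frame, "snmp: truncated\n");
        *r_offset = length;
        return 0xFFFFffff;
    }

    tag = px[(*r_offset)++];
    if (tag != 0x0a && tag != 0x02 && tag != 0x01)
        FRAMERR_BADVAL(frame, "asn1", tag);

    int_length = asn1_length(frame, px, length, r_offset);
    if (int_length == 0xFFFFffff) {
        *r_offset = length;
        return 0xFFFFffff;
    }

    /*
     * Compare against the bytes remaining rather than computing
     * *r_offset + int_length: the length comes from the packet and the sum
     * can wrap around, which would let the copy loop run past the buffer.
     */
    if (*r_offset > length || int_length > length - *r_offset) {
        FRAMERR(frame, "snmp: truncated\n");
        *r_offset = length;
        return 0xFFFFffff;
    }

    /* Accumulate the content bytes most-significant first. */
    result = 0;
    while (int_length--)
        result = result * 256 + px[(*r_offset)++];

    return result;
}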
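/**
 * Parse one LDAP search Filter element into a newly allocated struct FILTER.
 *
 * The element is read from px at *r_offset. 'and' (0xa0) and 'or' (0xa1)
 * filters are parsed recursively into filter->data.filters. The three
 * attribute-value assertions (0xa3, 0xa5, 0xa6) fill in the attribute
 * description and assertion value through asn1_string. All other tags are
 * reported through FRAMERR_BADVAL and left undecoded.
 *
 * @param frame     frame context passed to the error-reporting macros
 * @param px        start of the buffer being parsed (untrusted packet data)
 * @param length    number of valid bytes at px
 * @param r_offset  in/out cursor; on return it sits at the end of this
 *                  element, or at length if the element is malformed
 * @param r_filter  receives the allocated filter, or NULL when allocation
 *                  fails; nothing in this function frees it, so the caller
 *                  is presumably the owner
 *
 * NOTE(review): recursion depth is bounded only by the packet length (each
 * nesting level needs at least a tag and a length byte), so a deeply nested
 * filter in a large packet costs one stack frame and one allocation per
 * level. Consider an explicit depth limit.
 */
static void
process_ldap_filter(struct NetFrame *frame, const unsigned char *px, unsigned length, unsigned *r_offset, struct FILTER **r_filter)
{
    unsigned len;
    struct FILTER *filter;

    /* calloc zero-fills the filter; a failed allocation must not be written to. */
    filter = calloc(1, sizeof(*filter));
    *r_filter = filter;
    if (filter == NULL) {
        *r_offset = length;
        return;
    }

    filter->tag = asn1_tag(px, length, r_offset);
    len = asn1_length(frame, px, length, r_offset);

    /*
     * 0xFFFFffff is the failure value asn1_integer() checks for after
     * calling asn1_length(). Using it as a length would wrap *r_offset + len
     * and shrink the window to before the cursor.
     */
    if (len == 0xFFFFffff || *r_offset > length) {
        *r_offset = length;
        return;
    }

    /* Narrow the window to this element without computing a sum that can wrap. */
    if (len < length - *r_offset)
        length = *r_offset + len;

    switch (filter->tag) {
    case 0xa0: /* 'and' - SET OF Filter */
    case 0xa1: /* 'or' - SET OF Filter */
        while (*r_offset < length) {
            if (filter->count < 128) {
                /* presumably data.filters[] holds 128 entries - confirm against struct FILTER */
                struct FILTER **slot = &filter->data.filters[filter->count];

                process_ldap_filter(frame, px, length, r_offset, slot);

                /* Count the child only if it exists, so no NULL entry is ever counted. */
                if (*slot != NULL)
                    filter->count++;
            } else {
                /* Too many children: skip the element without storing it. */
                asn1_tag(px, length, r_offset);
                len = asn1_length(frame, px, length, r_offset);
                if (len == 0xFFFFffff || *r_offset > length || len > length - *r_offset)
                    *r_offset = length;
                else
                    *r_offset += len;
            }
        }
        break;

    case 0xa3: /* equalityMatch - AttributeValueAssertion */
    case 0xa5: /* greaterOrEqual - AttributeValueAssertion */
    case 0xa6: /* lessOrEqual - AttributeValueAssertion */
        asn1_string(frame, px, length, r_offset,
                    &filter->data.val.attributeDescription,
                    &filter->data.val.attributeDescription_length);
        asn1_string(frame, px, length, r_offset,
                    &filter->data.val.assertionValue,
                    &filter->data.val.assertionValue_length);
        break;

    case 0xa4: /* substrings - SubstringFilter */
    case 0xa7: /* present - AttributeDescription */
    case 0xa8: /* approxMatch - AttributeValueAssertion, default */
    default:
        /* Not decoded; report the tag and skip the element. */
        FRAMERR_BADVAL(frame, "ldap", filter->tag);
        break;
    }

    /* Always resume at the end of this element, whatever was consumed above. */
    *r_offset = length;
}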
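/**
 * Parse the outer LDAPMessage envelope and dispatch on the protocol
 * operation tag.
 *
 * Expected layout: SEQUENCE (0x30), length, messageID INTEGER, then the
 * operation element. Only 0x63 is dispatched, to
 * process_ldap_search_request(); every other operation tag is reported
 * through FRAMERR_BADVAL.
 *
 * @param ferret  engine context, forwarded to the search-request handler
 * @param frame   frame context passed to the error-reporting macros
 * @param px      start of the LDAP payload (untrusted packet data)
 * @param length  number of valid bytes at px
 */
void
process_ldap(struct Ferret *ferret, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    unsigned offset = 0;
    unsigned outer_length;
    struct LDAP ldap[1];

    /*
     * NOTE(review): this returns whenever ferret is non-NULL, so the parser
     * below runs only for a NULL context. It may be a deliberate way of
     * disabling the decoder or an inverted check - confirm the intent.
     */
    if (ferret)
        return;

    memset(ldap, 0, sizeof(ldap[0]));

    /* Outer SEQUENCE tag */
    if (asn1_tag(px, length, &offset) != 0x30)
        return;

    /*
     * Outer length. The value comes from the packet, so it is compared
     * against the bytes remaining instead of being added to offset: a sum
     * that wraps would set length below offset, and length - offset at the
     * dispatch below would then become a huge unsigned value.
     */
    outer_length = asn1_length(frame, px, length, &offset);
    if (outer_length == 0xFFFFffff || offset > length) {
        FRAMERR(frame, "ldap: truncated\n");
        return;
    }
    if (outer_length < length - offset)
        length = offset + outer_length;

    /* messageID */
    ldap->message_id = asn1_integer(frame, px, length, &offset);

    /* Protocol operation: tag and length */
    ldap->message_type = asn1_tag(px, length, &offset);
    outer_length = asn1_length(frame, px, length, &offset);
    if (outer_length == 0xFFFFffff || offset > length) {
        FRAMERR(frame, "ldap: truncated\n");
        return;
    }
    if (outer_length < length - offset)
        length = offset + outer_length;

    /* offset <= length holds here, so length - offset cannot underflow. */
    switch (ldap->message_type) {
    case 0x63:
        process_ldap_search_request(ferret, frame, px + offset, length - offset, ldap);
        break;
    default:
        FRAMERR_BADVAL(frame, "ldap", ldap->message_type);
        break;
    }
}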
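/**
 * Decode an Ethernet frame header and hand the payload to the matching
 * protocol parser.
 *
 * Records the source and destination MAC pointers in the frame, reads the
 * 16-bit type/length field at offset 12 and dispatches IPv4 (0x0800) and ARP
 * (0x0806). Values below 1518 are treated as an 802.3 length followed by an
 * LLC/SNAP header (aa aa 03 + OUI). The OUI is checked against the
 * configured SNAP OUI filter and a small list of known OUIs.
 *
 * @param squirrel  engine context; its filter.snap_ouis list is consulted
 * @param frame     frame context; src_mac, dst_mac and
 *                  flags.found.filtered are written here
 * @param px        start of the Ethernet frame (untrusted packet data)
 * @param length    number of valid bytes at px
 */
void
squirrel_ethernet_frame(struct Squirrel *squirrel, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    unsigned offset;
    unsigned ethertype;
    unsigned oui;

    if (length <= 14) {
        /*FRAMERR(frame, "wifi.data: too short\n");*/
        return;
    }

    /* Destination MAC is bytes 0..5, source MAC is bytes 6..11. */
    frame->src_mac = px + 6;
    frame->dst_mac = px + 0;
    offset = 12;

    /* Look for SAP header */
    if (offset + 6 >= length) {
        FRAMERR(frame, "wifi.sap: too short\n");
        return;
    }

    ethertype = ex16be(px + offset);
    offset += 2;

    switch (ethertype) {
    case 0x0800:
        squirrel_ip(squirrel, frame, px + offset, length - offset);
        break;
    case 0x0806:
        squirrel_arp(squirrel, frame, px + offset, length - offset);
        break;
    case 0x888e: /* 802.1X authentication (EAPOL) - not decoded */
        //squirrel_802_1x_auth(squirrel, frame, px+offset, length-offset);
        break;
    case 0x86dd: /* IPv6 - not decoded */
        //squirrel_ipv6(squirrel, frame, px+offset, length-offset);
        break;
    case 0x809b: /* AppleTalk (EtherTalk) - not decoded */
        //squirrel_ipv6(squirrel, frame, px+offset, length-offset);
        break;
    case 0x872d: /* Cisco OWL */
        break;
    case 0x9000: /* Loopback */
        break;
    default:
        if (ethertype < 1518) {
            /* 802.3 length field: expect an LLC/SNAP header next. */
            if (memcmp(px + offset, "\xaa\xaa\x03", 3) != 0)
                return;
            offset += 3;

            /*
             * The check near the top only guarantees length >= 19, which
             * leaves two readable bytes at offset 17. ex24be presumably
             * reads three, so confirm they are present before extracting
             * the OUI instead of reading one byte past the frame.
             */
            if (offset + 3 > length) {
                FRAMERR(frame, "ethertype: packet too short\n");
                return;
            }
            oui = ex24be(px + offset);

            /* Mark the frame when its OUI is on the configured filter list. */
            if (squirrel->filter.snap_oui_count) {
                if (filter_has_port(squirrel->filter.snap_ouis, squirrel->filter.snap_oui_count, oui))
                    frame->flags.found.filtered = 1;
            }

            /* Look for OUI code */
            switch (oui) {
            case 0x000000:
                /* continue with the EtherType check below */
                break;
            case 0x004096: /* Cisco Wireless */
                return;
            case 0x00000c:
                offset += 3;
                if (offset < length) {
                    ;//squirrel_cisco00000c(squirrel, frame, px+offset, length-offset);
                }
                return;
            case 0x080007: /* apple */
                break;
            default:
                FRAMERR(frame, "Unknown SAP OUI: 0x%06x\n", oui);
                return;
            }
            offset += 3;

            /* EtherType */
            if (offset + 2 >= length) {
                FRAMERR(frame, "ethertype: packet too short\n");
                return;
            }
        }

        /*
         * Stay silent only when the type/length field equals the remaining
         * byte count and the next two bytes are 0xAAAA. Everything else is
         * reported as an unexpected ethertype.
         */
        if (!(ethertype == length - offset && ex16be(px + offset) == 0xAAAA)) {
            FRAMERR_BADVAL(frame, "ethertype", ethertype);
        }
    }
}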