rnhmjoj/fakeroute
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Fix undefined behavior

Browse Source 
Returning a pointer to a static buffer in an object that is later
deleted results in an empty IP header, depending on the compiler and
optimisation level.
Instead we can write directly inside the packet buffer.
This commit is contained in:
Michele Guerini Rocco 2023-06-17 20:41:54 +02:00
parent 8182ef4335
commit f5bff09ffe
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/FakeroutePacket.cpp
View File

@ -110,17 +110,16 @@ void FakeroutePacket::buildIcmpHeader(char* packet, int protocol) {
struct iphdr *fakeIpHdr; struct iphdr *fakeIpHdr;
struct icmp *icmpHeader = (struct icmp*)packet; struct icmp *icmpHeader = (struct icmp*)packet;
char fakePacket[IP_HDR_SIZE] = {0}; icmpHeader->icmp_type = getIcmpType();
fakeIpHdr = (struct iphdr*)fakePacket; icmpHeader->icmp_code = getIcmpCode();
fakeIpHdr = (struct iphdr*) &icmpHeader->icmp_ip;
fakeIpHdr->ihl = 5; fakeIpHdr->ihl = 5;
fakeIpHdr->version = 4; fakeIpHdr->version = 4;
fakeIpHdr->protocol = protocol; fakeIpHdr->protocol = protocol;
fakeIpHdr->saddr = inet_addr(receivedSourceAddress); fakeIpHdr->saddr = inet_addr(receivedSourceAddress);
fakeIpHdr->daddr = inet_addr(spoofedDestinationAddress); fakeIpHdr->daddr = inet_addr(spoofedDestinationAddress);
icmpHeader->icmp_type = getIcmpType();
icmpHeader->icmp_code = getIcmpCode();
icmpHeader->icmp_ip = *(struct ip*)fakePacket;
icmpHeader->icmp_cksum = (unsigned short)in_cksum((unsigned short*)packet, ICMP_HDR_SIZE + 8); icmpHeader->icmp_cksum = (unsigned short)in_cksum((unsigned short*)packet, ICMP_HDR_SIZE + 8);
} }