Fixed option parsing bug in TCP.

2026-01-23 02:35:57 +01:00 · 2011-09-07 08:31:00 -03:00
parent 577472e790
commit 7f40e95862
1 changed files with 13 additions and 9 deletions
--- a/src/tcp.cpp
+++ b/src/tcp.cpp
@@ -60,6 +60,9 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
    buffer += sizeof(tcphdr);
    total_sz -= sizeof(tcphdr);
    
+    _total_options_size = 0;
+    _options_size = 0;
+    
    uint32_t index = 0, header_end = (data_offset() * sizeof(uint32_t)) - sizeof(tcphdr);
    if(total_sz >= header_end) {
        uint8_t args[2] = {0};
@@ -71,12 +74,11 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
            }
            // We don't want to store NOPs and EOLs
            if(args[0] != NOP && args[0] != EOL)  {
+                args[1] -= (sizeof(uint8_t) << 1);
                if(args[1]) {
                    // Not enough size for this option
-                    if(header_end - index < args[1] - (sizeof(uint8_t) << 1)) {
+                    if(header_end - index < args[1])
                        throw std::runtime_error("Not enought size for a TCP header in the buffer.");
-                    }
-                    args[1] -= (sizeof(uint8_t) << 1);
                    add_option((Options)args[0], args[1], buffer + index);
                }
                index += args[1];
@@ -88,8 +90,6 @@ Tins::TCP::TCP(const uint8_t *buffer, uint32_t total_sz) : PDU(IPPROTO_TCP) {
        }
        buffer += index;
        total_sz -= index;
-        _total_options_size = header_end;
-        _options_size = (_total_options_size / 4) * 4;
    }
    if(total_sz)
        inner_pdu(new RawPDU(buffer, total_sz));
@@ -208,8 +208,11 @@ void Tins::TCP::set_flag(Flags tcp_flag, uint8_t value) {
 }

 void Tins::TCP::add_option(Options tcp_option, uint8_t length, const uint8_t *data) {
-    uint8_t *new_data = new uint8_t[length], padding;
-    memcpy(new_data, data, length);
+    uint8_t *new_data = 0, padding;
+    if(length) {
+        new_data = new uint8_t[length];
+        memcpy(new_data, data, length);
+    }
    _options.push_back(TCPOption(tcp_option, length, new_data));
    _options_size += length + (sizeof(uint8_t) << 1);
    padding = _options_size & 3;
@@ -259,8 +262,9 @@ uint8_t *Tins::TCP::TCPOption::write(uint8_t *buffer) {
    else {
        buffer[0] = kind;
        buffer[1] = length + (sizeof(uint8_t) << 1);
-        memcpy(buffer + 2, data, length);
-        return buffer + length + (sizeof(uint8_t) << 1);
+        if(data)
+            memcpy(buffer + 2, data, length);
+        return buffer + buffer[1];
    }
 }