Permalink
Browse files

Check for corrupt/invalid or non version 2.4 pcap files

  • Loading branch information...
1 parent ac8cf5a commit ea99f0685b29c6c47da43b92c41cd2f7b5b39de9 @kunklejr committed Jan 11, 2012
Showing with 28 additions and 9 deletions.
  1. +1 −0 README.md
  2. +23 −5 lib/pcap-parser.js
  3. +1 −1 package.json
  4. +3 −3 test/pcap-parser-test.js
View
@@ -25,6 +25,7 @@ likely care about. Each event is emitted from the parser created with
`new pcapp.Parser`. The `pcapp.Parser` constructor can be passed a
file path or a readable stream.
+pcap-parser only parses version 2.4 of the libpcap file format.
Please see http://wiki.wireshark.org/Development/LibpcapFileFormat for
detailed documentation of the pcap file format.
View
@@ -14,6 +14,10 @@ function onEnd() {
}
function onData(data) {
+ if (this.errored) {
+ return;
+ }
+
updateBuffer.call(this, data);
while (this.state.call(this)) {}
}
@@ -37,19 +41,33 @@ function parseGlobalHeader() {
var buffer = this.buffer;
if (buffer.length >= GLOBAL_HEADER_LENGTH) {
- this.emit('globalHeader', {
+ var header = {
magicNumber: buffer.readUInt32LE(0, true),
majorVersion: buffer.readUInt16LE(4, true),
minorVersion: buffer.readUInt16LE(6, true),
gmtOffset: buffer.readInt32LE(8, true),
timestampAccuracy: buffer.readUInt32LE(12, true),
snapshotLength: buffer.readUInt32LE(16, true),
linkLayerType: buffer.readUInt32LE(20, true)
- });
+ };
- this.buffer = buffer.slice(GLOBAL_HEADER_LENGTH);
- this.state = parsePacketHeader;
- return true;
+ if (header.magicNumber != 2712847316) {
+ this.errored = true;
+ this.stream.pause();
+ this.emit('error', new Error('invalid or corrupt pcap file'));
+ onEnd.call(this);
+ } else if (header.majorVersion != 2 && header.minorVersion != 4) {
+ this.errored = true;
+ this.stream.pause();
+ var msg = util.format('unsupported version %d.%d. pcap-parser only parses libpcap file format 2.4', header.majorVersion, header.minorVersion);
+ this.emit('error', new Error(msg));
+ onEnd.call(this);
+ } else {
+ this.emit('globalHeader', header);
+ this.buffer = buffer.slice(GLOBAL_HEADER_LENGTH);
+ this.state = parsePacketHeader;
+ return true;
+ }
}
return false;
View
@@ -3,7 +3,7 @@
"description": "Packet capture (PCAP) parser for node",
"keywords": ["pcap", "parser"],
"homepage": "https://github.com/nearinfinity/node-pcap-parser",
- "version": "0.0.2",
+ "version": "0.0.3",
"engines": { "node" : ">=0.6.0" },
"maintainers": [
{ "name": "Jeff Kunkle", "email": "jeff.kunkle@nearinfinity.com" },
View
@@ -5,16 +5,16 @@ var path = require('path');
var pcapp = require('../index.js');
vows.describe('pcap-parser').addBatch({
- 'given a bad/malformed pcap file get an error': {
+ 'given a bad/malformed pcap file': {
topic: new pcapp.Parser(fs.createReadStream(path.join(__dirname, 'malformed.pcap'))),
'the parser should emit error event': {
topic: function(parser) {
- parser.once('error', this.callback);
+ parser.once('error', this.callback.bind(this, null));
parser.parse();
},
- 'error should have been called': function(err) {
+ 'error should have been emitted': function(err) {
assert.isNotNull(err);
}
}

0 comments on commit ea99f06

Please sign in to comment.