
p0f-3.05b

e6f39c3811e681272e772f33588aa46b75975708  /p0f-3.05b.tgz
1 parent aeba031 commit 8f6712ec32dd745dd0f3749b3dd8738179c8680b @lcamtuf lcamtuf committed with majek May 14, 2012
Showing with 53 additions and 22 deletions.
  1. +1 −1 build.sh
  2. +9 −0 docs/ChangeLog
  3. +1 −0 docs/README
  4. +1 −1 fp_tcp.c
  5. +38 −17 hash.h
  6. +3 −3 types.h
@@ -9,7 +9,7 @@
#
PROGNAME="p0f"
-VERSION="3.04b"
+VERSION="3.05b"
test "$CC" = "" && CC="gcc"
@@ -1,3 +1,12 @@
+Version 3.05b:
+--------------
+
+Bug fixes:
+
+ - Cleaned up hash.h to avoid pointless OOB reads, alignment issues.
+
+ - Fixed divide-by-zero in MSS calculations
+
Version 3.04b:
--------------
@@ -889,6 +889,7 @@ including:
Phil Ames
Jannich Brendle
+ Matthew Dempsky
Jason DePriest
Dalibor Dukic
Mark Martinec
@@ -56,7 +56,7 @@ static s16 detect_win_multi(struct tcp_sig* ts, u8* use_mtu, u16 syn_mss) {
return -1;
#define RET_IF_DIV(_div, _use_mtu, _desc) do { \
- if (!(win % (_div))) { \
+ if ((_div) && !(win % (_div))) { \
*use_mtu = (_use_mtu); \
DEBUG("[#] Window size %u is a multiple of %s [%u].\n", win, _desc, _div); \
return win / (_div); \
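Review bot: The new `(_div) &&` guard in RET_IF_DIV (fp_tcp.c) makes a zero divisor fall through silently, and nothing in the macro says why zero can occur. The divisors appear to come from `syn_mss` and other packet-supplied values (the ChangeLog calls this a divide-by-zero in MSS calculations), so a comment above the macro such as `/* _div may be 0 when the peer-supplied MSS/MTU is 0; skip it to avoid SIGFPE on untrusted input */` would keep the guard from being dropped later. Any `%` or `/` on the same values outside this macro, which this hunk does not show, should get the same check. `_div` is now expanded four times, so callers must keep passing side-effect-free expressions. The macro and detect_win_multi both continue outside the hunk.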
55 hash.h
@@ -18,16 +18,16 @@
static inline u32 hash32(const void* key, u32 len, u32 seed) {
- const u32 *k = (const u32*)key;
u32 a, b, c;
+ const u8* k = key;
a = b = c = 0xdeadbeef + len + seed;
while (len > 12) {
- a += k[0];
- b += k[1];
- c += k[2];
+ a += RD32p(k);
+ b += RD32p(k + 4);
+ c += RD32p(k + 8);
a -= c; a ^= ROL32(c, 4); c += b;
b -= a; b ^= ROL32(a, 6); a += c;
@@ -37,26 +37,47 @@ static inline u32 hash32(const void* key, u32 len, u32 seed) {
c -= b; c ^= ROL32(b, 4); b += a;
len -= 12;
- k += 3;
+ k += 12;
}
switch (len) {
- case 12: c += k[2]; b += k[1]; a += k[0]; break;
- case 11: c += k[2] & 0xffffff; b += k[1]; a += k[0]; break;
- case 10: c += k[2] & 0xffff; b += k[1]; a += k[0]; break;
- case 9: c += k[2] & 0xff; b += k[1]; a += k[0]; break;
+ case 12: c += RD32p(k + 8);
+ b += RD32p(k+ 4);
+ a += RD32p(k); break;
- case 8: b += k[1]; a += k[0]; break;
- case 7: b += k[1] & 0xffffff; a += k[0]; break;
- case 6: b += k[1] & 0xffff; a += k[0]; break;
- case 5: b += k[1] & 0xff; a += k[0]; break;
+ case 11: c += (RD16p(k + 8) << 8) | k[10];
+ b += RD32p(k + 4);
+ a += RD32p(k); break;
- case 4: a += k[0]; break;
- case 3: a += k[0] & 0xffffff; break;
- case 2: a += k[0] & 0xffff; break;
- case 1: a += k[0] & 0xff; break;
+ case 10: c += RD16p(k + 8);
+ b += RD32p(k + 4);
+ a += RD32p(k); break;
+
+ case 9: c += k[8];
+ b += RD32p(k + 4);
+ a += RD32p(k); break;
+
+ case 8: b += RD32p(k + 4);
+ a += RD32p(k); break;
+
+ case 7: b += (RD16p(k + 4) << 8) | k[6] ;
+ a += RD32p(k); break;
+
+ case 6: b += RD16p(k + 4);
+ a += RD32p(k); break;
+
+ case 5: b += k[4];
+ a += RD32p(k); break;
+
+ case 4: a += RD32p(k); break;
+
+ case 3: a += (RD16p(k) << 8) | k[2]; break;
+
+ case 2: a += RD16p(k); break;
+
+ case 1: a += k[0]; break;
case 0: return c;
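Review bot: The 3-, 7- and 11-byte tails in the second hunk (`(RD16p(k) << 8) | k[2]` and the two like it) put the odd byte in the low bits, which is not the value the old `k[0] & 0xffffff` produced on a little-endian host, so hash32 now returns different results for those lengths, and every RD16p/RD32p load is in host byte order. That is harmless if the hashes only index in-memory tables, which is presumably the case but is not visible here; a comment before the switch such as `/* Tail is folded in host byte order; values are not stable across hosts or p0f versions, never persist them. */` would record it. The byte offsets themselves look right: each case reads exactly `len` bytes, which is what closes the over-read. A regression test that hashes every length from 0 to 24 out of an exactly sized heap buffer under AddressSanitizer would keep it closed. hash32's body continues past the end of the hunk.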
@@ -37,9 +37,9 @@ typedef int64_t s64;
# define RD16p(_ptr) ({ u16 _ret; memcpy(&_ret, _ptr, 2); _ret; })
# define RD32p(_ptr) ({ u32 _ret; memcpy(&_ret, _ptr, 4); _ret; })
#else
-# define RD16(_val) (_val)
-# define RD32(_val) (_val)
-# define RD16p(_ptr) (*((u32*)(_ptr)))
+# define RD16(_val) ((u16)_val)
+# define RD32(_val) ((u32)_val)
+# define RD16p(_ptr) (*((u16*)(_ptr)))
# define RD32p(_ptr) (*((u32*)(_ptr)))
#endif /* ^ALIGN_ACCESS */
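Review bot: `RD16(_val)` and `RD32(_val)` in the `#else` branch cast an unparenthesized argument, so `RD16(a + b)` expands to `((u16)a + b)` and only `a` is truncated; write `((u16)(_val))` and `((u32)(_val))`. The pointer forms `(*((u16*)(_ptr)))` and `(*((u32*)(_ptr)))` also cast away the `const` that hash32 now carries on `k` and still do a typed load through a byte pointer, which is an unaligned, aliasing-unsafe access on builds that take this branch. The memcpy forms in the branch above (ALIGN_ACCESS, going by the `#endif` comment) are safe everywhere and compilers generally reduce them to a single load, so consider using them unconditionally. The conditional's opening line is outside the hunk.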
