Merge branch 'Enhancement_#493_codacy_fixes' into coverity_scan

* Enhancement_#493_codacy_fixes: (26 commits)
  Enhancement #493 - fixes for Codacy identified issues
  Bug #486 Enforce max snaplen rather than doing realloc
  Bug #486 CVE-2018-17974 realloc memory if packet size increases
  Bug #484 CVE-2018-17582 Check for corrupt PCAP files
  4.3 - revert travis updates from merge
  Remove dead code
  resolve possible null pointer dereference
  travis-ci: add autogen package
  Bug #461 build warnings (#462)
  #412 fix gcc 6.3 compiler warning
  #421 fix ms to ns conversion
  Bug #423 remove commented code
  Bug #423 Remove limit for tcpprep -S
  Bug #398 Rewrite of tcpdump.c (#457)
  Bug #402 memset dlt radiotap get 80211 (#454)
  #404 fix check_list return values (#453)
  #406 fix zero-length IP headers
  #416 apply STDIN restore to all programs
  #416 fix compile issue introduced by downstream PR
  #416 update CHANGELOG [ci skip]
  ...

README.md

@@ -2,7 +2,6 @@ Tcpreplay
 =========
 [![Build Status](https://travis-ci.org/appneta/tcpreplay.svg?branch=master)](https://travis-ci.org/appneta/tcpreplay)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/12017/badge.svg)](https://scan.coverity.com/projects/12017)
-[![Code Climate](https://codeclimate.com/github/appneta/tcpreplay.png)](https://codeclimate.com/github/appneta/tcpreplay)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/0e49d208c69e440182ba21109ecaf31d)](https://www.codacy.com/app/fklassen/tcpreplay?utm_source=github.com&utm_medium=referral&utm_content=appneta/tcpreplay&utm_campaign=badger)
 [![Website](https://img.shields.io/website-up-down-green-red/http/shields.io.svg)](http://tcpreplay.appneta.com)
 

configure.ac

@@ -4,7 +4,7 @@ dnl $Id$
 AC_PREREQ([2.69])
 
 dnl Set version info here!
-AC_INIT([tcpreplay],[4.3.0-beta1],
+AC_INIT([tcpreplay],[4.3.0-beta2],
     [https://github.com/appneta/tcpreplay/issues],
     [tcpreplay],
     [http://tcpreplay.sourceforge.net/])
@@ -1291,7 +1291,6 @@ dnl ###########################################################
 if test "x$NETMAPINCDIR" != "x"; then
     OLDCPPFLAGS="$CPPFLAGS"
     CPPFLAGS="$CPPFLAGS -DNETMAP_WITH_LIBS -DND -I$NETMAPINCDIR"
-    AC_CHECK_HEADERS(stdio.h net/netmap_user.h)
 
     have_nm_open=no
     have_nm_nr_reg_mask=no
@@ -1492,12 +1491,13 @@ dnl If doesn't exist, we'll define them in src/common/fakepcap.h
 AC_MSG_CHECKING(for DLT_LINUX_SLL in libpcap)
 AC_TRY_COMPILE([#include "$LPCAPINC"],
                [ int foo;
-                 foo = DLT_LINUX_SLL ],
-                [ AC_DEFINE([HAVE_DLT_LINUX_SLL], [1],
-                            [Does pcap.h include a header with DLT_LINUX_SLL?])
-                  AC_MSG_RESULT(yes)
-                ],
-                AC_MSG_RESULT(no)
+                 foo = DLT_LINUX_SLL
+               ],
+               [ AC_DEFINE([HAVE_DLT_LINUX_SLL], [1],
+                           [Does pcap.h include a header with DLT_LINUX_SLL?])
+                 AC_MSG_RESULT(yes)
+               ],
+               [AC_MSG_RESULT(no)]
                )
 
 AC_MSG_CHECKING(for DLT_C_HDLC in libpcap)
@@ -1547,22 +1547,29 @@ for testfile in $LPCAPINCDIR/pcap/bpf.h $LPCAPINCDIR/pcap-bpf.h ; do
                 AC_SUBST(PCAP_BPF_H_FILE)
                 AC_DEFINE([INCLUDE_PCAP_BPF_HEADER], [1],
                         [What is the path (if any) to the libpcap bpf header file?])
-                AC_MSG_RESULT($testfile)
-            ],
-            AC_MSG_RESULT(no)
+            ]
             )
     fi
 done
 
+if test $foundbpfheader != no; then
+    AC_MSG_RESULT($testfile)
+else
+    AC_MSG_RESULT(no)
+fi
+
 dnl ## Test for netmap-libpcap
 have_pcap_netmap=no
 if test $foundpcap != no ; then
+	AC_MSG_CHECKING(for netmap libpcap)
     PCAP_NETMAP_C_FILE="$LPCAPINCDIR/pcap-netmap.c"
     if test -f "${PCAP_NETMAP_C_FILE}" ; then
         AC_DEFINE([HAVE_LIBPCAP_NETMAP], [1],
                                    [Does this version of libpcap support netmap?])
-        AC_MSG_RESULT(yes)
         have_pcap_netmap=yes
+        AC_MSG_RESULT(yes)
+    else
+        AC_MSG_RESULT(no)
     fi
 fi
 

docs/CHANGELOG

@@ -1,11 +1,26 @@
+10/18/2018 Version 4.3.0 beta2
+    - fix issues identifed by Codacy (#493)
+    - CVE-2018-17974 heap-buffer-overflow dlt_en10mb_encode (#486)
+    - CVE-2018-17582 heap-buffer-overflow in get_next_packet (#484)
+    - CVE-2018-13112 heap-buffer-overflow in get_l2len (#477 dup #408)
+
 01/18/2018 Version 4.3.0 beta1
     - Travis CI build fails due to new build images (#432)
     - Unable to build with libpcap 1.8.1 (#430)
+    - tcpprep -S not working for large cache files (#423)
+    - Unable to tcprewrite range of ports with --portmap (#422)
+    - --maxsleep broken for values less than 1000 (#421)
+    - Avoid non-blocking behaviour when using STDIN (#416)
+    - pcap containing >1020 packets produces invalid cache file (#415)
     - heap-buffer-overflow in get_l2protocol (#410)
     - heap-buffer-overflow in packet2tree (#409)
     - heap-buffer-overflow in get_l2len (#408)
     - heap-buffer-overflow in flow_decode (#407)
+    - Rewrite zero IP total length field to match the actual packet length (#406)
     - stack-buffer-overflow in tcpcapinfo (#405)
+    - tcpprep --include option does not exclude (#404)
+    - Negative-size-param memset in dlt_radiotap_get_80211 (#402)
+    - tcpeplay --verbose option not working (#398)
 
 05/10/2017 Version 4.2.6
     - Test fails on sparc64 (#393)
@@ -42,7 +57,7 @@
     - Packet destortion --fuzz-seed option by Gabriel Ganne (#302)
     - Add --unique-ip-loops option to modify IPs every few loops (#296)
     - Netmap startup delay increase (#290)
-    - tcpcapinfo buffer overflow vulnerablily (#278)
+    - CVE-2017-6429 tcpcapinfo buffer overflow vulnerablily (#278)
     - Update git-clone instructions by Kyle McDonald (#277)
     - Allow fractions for --pps option (#270)
     - Print per-loop stats with --stats=0 (#269)

libopts/nested.c

@@ -783,12 +783,23 @@ optionLoadNested(char const * text, char const * name, size_t nm_len)
             text = scan_name(text, res_val);
 
         else switch (*text) {
-        case NUL: goto scan_done;
-        case '<': text = scan_xml(text, res_val);
-                  if (text == NULL) goto woops;
-                  if (*text == ',') text++; break;
-        case '#': text = strchr(text, NL);  break;
-        default:  goto woops;
+        case NUL:
+            goto scan_done;
+
+        case '<':
+            text = scan_xml(text, res_val);
+            if (text == NULL)
+                goto woops;
+            if (text[0] == ',')
+                text++;
+            break;
+
+        case '#':
+            text = strchr(text, NL);
+            break;
+
+        default:
+            goto woops;
         }
     } while (text != NULL); scan_done:;
 

src/common/cache.c

@@ -271,7 +271,6 @@ add_cache(tcpr_cache_t ** cachedata, const int send, const tcpr_dir_t interface)
         lastcache = *cachedata;
     }
     else {
-        lastcache = *cachedata;
         /* check to see if this is the last bit in this struct */
         if ((lastcache->packets + 1) > (CACHEDATASIZE * CACHE_PACKETS_PER_BYTE)) {
             /*

src/common/cidr.c

@@ -241,7 +241,7 @@ cidr2cidr(char *cidr)
             if (octets[count] > 255)
                 goto error;
 
-            snprintf(tempoctet, sizeof(octets[count]), "%d", octets[count]);
+            snprintf(tempoctet, sizeof(octets[count]), "%u", octets[count]);
             strcat(networkip, tempoctet);
             /* we don't want a '.' at the end of the last octet */
             if (count < 3)

src/common/get.c

@@ -78,13 +78,8 @@ get_pcap_version(void)
 uint16_t
 get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
 {
-    eth_hdr_t *eth_hdr;
-    vlan_hdr_t *vlan_hdr;
-    hdlc_hdr_t *hdlc_hdr;
-    sll_hdr_t *sll_hdr;
     uint16_t ether_type;
     uint16_t eth_hdr_offset = 0;
-    struct tcpr_pppserial_hdr *ppp;
 
     if (!pktdata || !datalen) {
         errx(-1, "invalid l2 parameters: pktdata=0x%p len=%d",
@@ -111,10 +106,11 @@ get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
         } else {
             eth_hdr_offset = 4; /* no header extensions */
         }
-        /* fall through */
+        /* no break */
     case DLT_EN10MB:
         if (datalen >= (sizeof(eth_hdr_t) + eth_hdr_offset)) {
-            eth_hdr = (eth_hdr_t *)(pktdata + eth_hdr_offset);
+            vlan_hdr_t *vlan_hdr;
+            eth_hdr_t *eth_hdr = (eth_hdr_t *)(pktdata + eth_hdr_offset);
             ether_type = ntohs(eth_hdr->ether_type);
             switch (ether_type) {
             case ETHERTYPE_VLAN: /* 802.1q */
@@ -128,7 +124,7 @@ get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
 
     case DLT_PPP_SERIAL:
         if (datalen >= sizeof(struct tcpr_pppserial_hdr)) {
-            ppp = (struct tcpr_pppserial_hdr *)pktdata;
+            struct tcpr_pppserial_hdr *ppp = (struct tcpr_pppserial_hdr *)pktdata;
             if (ntohs(ppp->protocol) == 0x0021)
                 return htons(ETHERTYPE_IP);
             else
@@ -138,14 +134,14 @@ get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
 
     case DLT_C_HDLC:
         if (datalen >= sizeof(hdlc_hdr_t)) {
-            hdlc_hdr = (hdlc_hdr_t *)pktdata;
+            hdlc_hdr_t *hdlc_hdr = (hdlc_hdr_t *)pktdata;
             return hdlc_hdr->protocol;
         }
         break;
 
     case DLT_LINUX_SLL:
         if (datalen >= sizeof(sll_hdr_t)) {
-            sll_hdr = (sll_hdr_t *)pktdata;
+            sll_hdr_t *sll_hdr = (sll_hdr_t *)pktdata;
             return sll_hdr->sll_protocol;
         }
         break;
@@ -166,8 +162,6 @@ get_l2protocol(const u_char *pktdata, const int datalen, const int datalink)
 int
 get_l2len(const u_char *pktdata, const int datalen, const int datalink)
 {
-    uint16_t ether_type = 0;
-    vlan_hdr_t *vlan_hdr;
     int l2_len = 0;
 
     assert(pktdata);
@@ -180,13 +174,13 @@ get_l2len(const u_char *pktdata, const int datalen, const int datalink)
 
     case DLT_JUNIPER_ETHER:
         l2_len = 24;
-        /* fall through */
+        /* no break */
     case DLT_EN10MB:
         if (datalen >= sizeof(eth_hdr_t) + l2_len) {
-            ether_type = ntohs(((eth_hdr_t*)(pktdata + l2_len))->ether_type);
+            uint16_t ether_type = ntohs(((eth_hdr_t*)(pktdata + l2_len))->ether_type);
 
             while (ether_type == ETHERTYPE_VLAN) {
-                vlan_hdr = (vlan_hdr_t *)(pktdata + l2_len);
+                vlan_hdr_t *vlan_hdr = (vlan_hdr_t *)(pktdata + l2_len);
                 ether_type = ntohs(vlan_hdr->vlan_len);
                 l2_len += 4;
                 if (datalen < sizeof(vlan_hdr_t) + l2_len) {

src/common/interface.c

@@ -84,8 +84,8 @@ get_interface_list(void)
     int fd = -1;
     nmreq_t nmr;
 #endif
-#if defined HAVE_LIBPCAP_NETMAP || defined HAVE_NETMAP
-    u_int32_t netmap_version = -1;
+#ifdef HAVE_NETMAP
+    u_int32_t netmap_version;
 #endif
 
 #ifndef HAVE_WIN32
@@ -135,8 +135,6 @@ get_interface_list(void)
             strncpy(nmr.nr_name, pcap_if_ptr->name, sizeof(nmr.nr_name));
             nmr.nr_version = netmap_version;
             if (ioctl(fd, NIOCGINFO, &nmr) == 0) {
-                int x;
-
 #endif /* HAVE_NETMAP */
 #if defined HAVE_LIBPCAP_NETMAP || defined HAVE_NETMAP
                 list_ptr->next = (interface_list_t *)safe_malloc(sizeof(interface_list_t));
@@ -150,8 +148,11 @@ get_interface_list(void)
                 snprintf(list_ptr->name, sizeof(list_ptr->name), "netmap:%s", pcap_if_ptr->name);
                 sprintf(list_ptr->alias, "%%%d", i++);
                 list_ptr->flags = pcap_if_ptr->flags;
-
+#endif /* HAVE_LIBPCAP_NETMAP  || HAVE_NETMAP */
+#ifdef HAVE_NETMAP
                 if (netmap_version >= 10) {
+                    int x;
+
                     list_ptr->next = (interface_list_t *)safe_malloc(sizeof(interface_list_t));
                     list_ptr = list_ptr->next;
                     snprintf(list_ptr->name, sizeof(list_ptr->name), "netmap:%s!", pcap_if_ptr->name);
@@ -169,10 +170,6 @@ get_interface_list(void)
                     snprintf(list_ptr->name, sizeof(list_ptr->name), "netmap:%s^", pcap_if_ptr->name);
                     sprintf(list_ptr->alias, "%%%d", i++);
                     list_ptr->flags = pcap_if_ptr->flags;
-                }
-#endif /* HAVE_LIBPCAP_NETMAP  || HAVE_NETMAP */
-#ifdef HAVE_NETMAP
-                if (netmap_version >= 10) {
                     for (x = 0; x < nmr.nr_rx_rings; ++x) {
                         list_ptr->next = (interface_list_t *)safe_malloc(sizeof(interface_list_t));
                         list_ptr = list_ptr->next;

src/common/list.c

@@ -1,5 +1,3 @@
-/* $Id$ */
-
 /*
  *   Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  *   Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
@@ -62,14 +60,14 @@ parse_list(tcpr_list_t ** listdata, char *ourstr)
     char *first, *second;
     int rcode;
     regex_t preg;
-    char ebuf[EBUF_SIZE];
     char regex[] = "^[0-9]+(-[0-9]+)?$";
     char *token = NULL;
     u_int i;
 
 
     /* compile the regex first */
     if ((rcode = regcomp(&preg, regex, REG_EXTENDED | REG_NOSUB)) != 0) {
+        char ebuf[EBUF_SIZE];
         regerror(rcode, &preg, ebuf, sizeof(ebuf));
         errx(-1, "Unable to compile regex (%s): %s", regex, ebuf);
     }
@@ -147,6 +145,7 @@ parse_list(tcpr_list_t ** listdata, char *ourstr)
 
 /**
  * Checks to see if the given integer exists in the LIST.
+ * Return 1 if in the list, otherwise 0
  */
 tcpr_dir_t
 check_list(tcpr_list_t * list, COUNTER value)
@@ -157,28 +156,22 @@ check_list(tcpr_list_t * list, COUNTER value)
     do {
         if ((current->min != 0) && (current->max != 0)) {
             if ((value >= current->min) && (value <= current->max))
-                return TCPR_DIR_C2S;
-        }
-        else if (current->min == 0) {
+                return 1;
+        } else if (current->min == 0) {
             if (value <= current->max)
-                return TCPR_DIR_C2S;
-        }
-        else if (current->max == 0) {
+                return 1;
+        } else if (current->max == 0) {
             if (value >= current->min)
-                return TCPR_DIR_C2S;
+                return 1;
         }
 
-        if (current->next != NULL) {
+        if (current->next != NULL)
             current = current->next;
-        }
-        else {
+        else
             current = NULL;
-        }
-
     } while (current != NULL);
 
-    return TCPR_DIR_S2C;
-
+    return 0;
 }
 
 

src/common/sendpacket.c

@@ -486,7 +486,6 @@ sendpacket_open(const char *device, char *errbuf, tcpr_dir_t direction,
                   errx(-1, "\"%s\" is a block device and is not a valid Tcpreplay device",
                       device);
                   break;
-                  break;
               case S_IFDIR:
                   errx(-1, "\"%s\" is a directory and is not a valid Tcpreplay device",
                       device);

src/common/services.c

@@ -71,11 +71,6 @@ parse_services(const char *file, tcpr_services_t *services)
         /* look for format of 1234/tcp */
         if ((regexec(&preg, service_line, nmatch, pmatch, 0)) == 0) { /* matches */
             uint16_t portc;
-
-            if (nmatch < 2) {
-                err(-1, "WTF?  I matched the line, but I don't know where!");
-            }
-
             /* strip out the port & proto from the line */
             strncpy(port, &service_line[pmatch[1].rm_so], (pmatch[1].rm_eo - pmatch[1].rm_so));
             strncpy(proto, &service_line[pmatch[2].rm_so], (pmatch[2].rm_eo - pmatch[2].rm_so));