diff options
| author | Mateusz Piotrowski <0mp@FreeBSD.org> | 2019-08-15 12:00:59 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-01-03 20:26:49 +0000 |
| commit | b5c7812dd376dcfa513d948e0d7682c1f613b4ab (patch) | |
| tree | 65e2414a0af435b7dced3af88aa7ee42442eec7a | |
| parent | 9caf8a4a08223ee84cf0e63bde2c42adefe1e5f5 (diff) | |
| download | src-b5c7812dd376dcfa513d948e0d7682c1f613b4ab.tar.gz src-b5c7812dd376dcfa513d948e0d7682c1f613b4ab.zip | |
pf tests: Fix accidental duplication of content
Some files got their contented duplicated in r345409. Some mistakes where
fixed in r345430. The only file that was left with a duplicated content was
CVE-2019-5598.py.
Reviewed by: kp
Approved by: src (kp)
Differential Revision: https://reviews.freebsd.org/D21267
(cherry picked from commit 03d8a4b7d39af6da7ceaaf07211cf0fde1e623ed)
| -rw-r--r-- | tests/sys/netpfil/pf/CVE-2019-5598.py | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 648b8ef9d6f0..1a019ea23fab 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -63,68 +63,3 @@ def main(): if __name__ == '__main__': main() -#!/usr/local/bin/python2.7 - -import argparse -import scapy.all as sp -import sys -from sniffer import Sniffer - -def check_icmp_error(args, packet): - ip = packet.getlayer(sp.IP) - if not ip: - return False - if ip.dst != args.to[0]: - return False - - icmp = packet.getlayer(sp.ICMP) - if not icmp: - return False - if icmp.type != 3 or icmp.code != 3: - return False - - return True - -def main(): - parser = argparse.ArgumentParser("CVE-2019-icmp.py", - description="CVE-2019-icmp test tool") - parser.add_argument('--sendif', nargs=1, - required=True, - help='The interface through which the packet will be sent') - parser.add_argument('--recvif', nargs=1, - required=True, - help='The interface on which to check for the packet') - parser.add_argument('--src', nargs=1, - required=True, - help='The source IP address') - parser.add_argument('--to', nargs=1, - required=True, - help='The destination IP address') - - args = parser.parse_args() - - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) - - # Start sniffing on recvif - sniffer = Sniffer(args, check_icmp_error) - - # Send the bad error packet - icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.ICMP(type=3, code=3) / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) - - sniffer.join() - if sniffer.foundCorrectPacket: - sys.exit(1) - - sys.exit(0) - -if __name__ == '__main__': - main() |