diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 648b8ef9d6f0..1a019ea23fab 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -1,130 +1,65 @@ #!/usr/local/bin/python2.7 import argparse import scapy.all as sp import sys from sniffer import Sniffer def check_icmp_error(args, packet): ip = packet.getlayer(sp.IP) if not ip: return False if ip.dst != args.to[0]: return False icmp = packet.getlayer(sp.ICMP) if not icmp: return False if icmp.type != 3 or icmp.code != 3: return False return True def main(): parser = argparse.ArgumentParser("CVE-2019-icmp.py", description="CVE-2019-icmp test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') args = parser.parse_args() # Send the allowed packet to establish state udp = sp.Ether() / \ sp.IP(src=args.src[0], dst=args.to[0]) / \ sp.UDP(dport=53, sport=1234) sp.sendp(udp, iface=args.sendif[0], verbose=False) # Start sniffing on recvif sniffer = Sniffer(args, check_icmp_error) # Send the bad error packet icmp_reachable = sp.Ether() / \ sp.IP(src=args.src[0], dst=args.to[0]) / \ sp.ICMP(type=3, code=3) / \ sp.IP(src="4.3.2.1", dst="1.2.3.4") / \ sp.UDP(dport=53, sport=1234) sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) sniffer.join() if sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0) if __name__ == '__main__': main() -#!/usr/local/bin/python2.7 - -import argparse -import scapy.all as sp -import sys -from sniffer import Sniffer - -def check_icmp_error(args, packet): - ip = packet.getlayer(sp.IP) - if not ip: - return False - if ip.dst != args.to[0]: - return False - - icmp = packet.getlayer(sp.ICMP) - if not icmp: - return False - if icmp.type != 3 or icmp.code != 3: - return False - - return True - -def main(): - parser = argparse.ArgumentParser("CVE-2019-icmp.py", - description="CVE-2019-icmp test tool") - parser.add_argument('--sendif', nargs=1, - required=True, - help='The interface through which the packet will be sent') - parser.add_argument('--recvif', nargs=1, - required=True, - help='The interface on which to check for the packet') - parser.add_argument('--src', nargs=1, - required=True, - help='The source IP address') - parser.add_argument('--to', nargs=1, - required=True, - help='The destination IP address') - - args = parser.parse_args() - - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) - - # Start sniffing on recvif - sniffer = Sniffer(args, check_icmp_error) - - # Send the bad error packet - icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.ICMP(type=3, code=3) / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) - - sniffer.join() - if sniffer.foundCorrectPacket: - sys.exit(1) - - sys.exit(0) - -if __name__ == '__main__': - main()