From b48efefaba1304096cd3eb0c52cc7b01ef93fb2d Mon Sep 17 00:00:00 2001
From: Guillaume Valadon <guillaume@valadon.net>
Date: Fri, 2 Aug 2013 13:39:47 +0200
Subject: [PATCH] Issue #820: _IPv6GuessPayload.default_payload_class() now
hecks the lenght of data
--HG--
branch : Issue #820
---
scapy/layers/inet6.py | 37 +++++++++++++++++++++++++++++++++----
1 file changed, 33 insertions(+), 4 deletions(-)
diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py
index bd2122ef..3dccc504 100644
--- a/scapy/layers/inet6.py
+++ b/scapy/layers/inet6.py
@@ -331,12 +331,14 @@ class IP6ListField(StrField):
class _IPv6GuessPayload:
name = "Dummy class that implements guess_payload_class() for IPv6"
def default_payload_class(self,p):
- if self.nh == 58 and len(p) > 2:
+ if self.nh == 58: # ICMPv6
t = ord(p[0])
- if t == 139 or t == 140: # Node Info Query
+ if len(p) > 2 and t == 139 or t == 140: # Node Info Query
return _niquery_guesser(p)
- return get_cls(icmp6typescls.get(t,"Raw"), "Raw")
- elif self.nh == 135 and len(p) > 3:
+ if len(p) >= icmp6typesminhdrlen.get(t, sys.maxint): # Other ICMPv6 messages
+ return get_cls(icmp6typescls.get(t,"Raw"), "Raw")
+ return Raw
+ elif self.nh == 135 and len(p) > 3: #Â Mobile IPv6
return _mip6_mhtype2cls.get(ord(p[2]), MIP6MH_Generic)
else:
return get_cls(ipv6nhcls.get(self.nh,"Raw"), "Raw")
@@ -1111,6 +1113,33 @@ icmp6typescls = { 1: "ICMPv6DestUnreach",
153: "ICMPv6MRD_Termination",
}
+icmp6typesminhdrlen = { 1: 8,
+ 2: 8,
+ 3: 8,
+ 4: 8,
+ 128: 8,
+ 129: 8,
+ 130: 24,
+ 131: 24,
+ 132: 24,
+ 133: 8,
+ 134: 16,
+ 135: 24,
+ 136: 24,
+ 137: 40,
+ #139:
+ #140
+ 141: 8,
+ 142: 8,
+ 144: 8,
+ 145: 8,
+ 146: 8,
+ 147: 8,
+ 151: 8,
+ 152: 4,
+ 153: 4
+ }
+
icmp6types = { 1 : "Destination unreachable",
2 : "Packet too big",
3 : "Time exceeded",
--
GitLab