From owner-dev-commits-src-all@freebsd.org Sun Jan 3 22:18:49 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 29F254C145A; Sun, 3 Jan 2021 22:18:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D8CpJ5Y4yz4r3J; Sun, 3 Jan 2021 22:18:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A239476C9; Sun, 3 Jan 2021 22:18:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 103MImI0020441; Sun, 3 Jan 2021 22:18:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 103MImns020440; Sun, 3 Jan 2021 22:18:48 GMT (envelope-from git) Date: Sun, 3 Jan 2021 22:18:48 GMT Message-Id: <202101032218.103MImns020440@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: b5c7812dd376 - stable/12 - pf tests: Fix accidental duplication of content MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: b5c7812dd376dcfa513d948e0d7682c1f613b4ab Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jan 2021 22:18:49 -0000 The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b5c7812dd376dcfa513d948e0d7682c1f613b4ab commit b5c7812dd376dcfa513d948e0d7682c1f613b4ab Author: Mateusz Piotrowski <0mp@FreeBSD.org> AuthorDate: 2019-08-15 12:00:59 +0000 Commit: Kristof Provost CommitDate: 2021-01-03 20:26:49 +0000 pf tests: Fix accidental duplication of content Some files got their contented duplicated in r345409. Some mistakes where fixed in r345430. The only file that was left with a duplicated content was CVE-2019-5598.py. Reviewed by: kp Approved by: src (kp) Differential Revision: https://reviews.freebsd.org/D21267 (cherry picked from commit 03d8a4b7d39af6da7ceaaf07211cf0fde1e623ed) --- tests/sys/netpfil/pf/CVE-2019-5598.py | 65 ----------------------------------- 1 file changed, 65 deletions(-) diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 648b8ef9d6f0..1a019ea23fab 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -63,68 +63,3 @@ def main(): if __name__ == '__main__': main() -#!/usr/local/bin/python2.7 - -import argparse -import scapy.all as sp -import sys -from sniffer import Sniffer - -def check_icmp_error(args, packet): - ip = packet.getlayer(sp.IP) - if not ip: - return False - if ip.dst != args.to[0]: - return False - - icmp = packet.getlayer(sp.ICMP) - if not icmp: - return False - if icmp.type != 3 or icmp.code != 3: - return False - - return True - -def main(): - parser = argparse.ArgumentParser("CVE-2019-icmp.py", - description="CVE-2019-icmp test tool") - parser.add_argument('--sendif', nargs=1, - required=True, - help='The interface through which the packet will be sent') - parser.add_argument('--recvif', nargs=1, - required=True, - help='The interface on which to check for the packet') - parser.add_argument('--src', nargs=1, - required=True, - help='The source IP address') - parser.add_argument('--to', nargs=1, - required=True, - help='The destination IP address') - - args = parser.parse_args() - - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) - - # Start sniffing on recvif - sniffer = Sniffer(args, check_icmp_error) - - # Send the bad error packet - icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.ICMP(type=3, code=3) / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) - - sniffer.join() - if sniffer.foundCorrectPacket: - sys.exit(1) - - sys.exit(0) - -if __name__ == '__main__': - main()