git: b5c7812dd376 - stable/12 - pf tests: Fix accidental duplication of content

Kristof Provost kp at FreeBSD.org
Sun Jan 3 22:18:49 UTC 2021 

The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b5c7812dd376dcfa513d948e0d7682c1f613b4ab

commit b5c7812dd376dcfa513d948e0d7682c1f613b4ab
Author:     Mateusz Piotrowski <0mp at FreeBSD.org>
AuthorDate: 2019-08-15 12:00:59 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-01-03 20:26:49 +0000

    pf tests: Fix accidental duplication of content
    
    Some files got their contented duplicated in r345409. Some mistakes where
    fixed in r345430. The only file that was left with a duplicated content was
    CVE-2019-5598.py.
    
    Reviewed by:    kp
    Approved by:    src (kp)
    Differential Revision:  https://reviews.freebsd.org/D21267
    
    (cherry picked from commit 03d8a4b7d39af6da7ceaaf07211cf0fde1e623ed)
---
 tests/sys/netpfil/pf/CVE-2019-5598.py | 65 -----------------------------------
 1 file changed, 65 deletions(-)

diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py
index 648b8ef9d6f0..1a019ea23fab 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5598.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5598.py
@@ -63,68 +63,3 @@ def main():
 
 if __name__ == '__main__':
 	main()
-#!/usr/local/bin/python2.7
-
-import argparse
-import scapy.all as sp
-import sys
-from sniffer import Sniffer
-
-def check_icmp_error(args, packet):
-	ip = packet.getlayer(sp.IP)
-	if not ip:
-		return False
-	if ip.dst != args.to[0]:
-		return False
-
-	icmp = packet.getlayer(sp.ICMP)
-	if not icmp:
-		return False
-	if icmp.type != 3 or icmp.code != 3:
-		return False
-
-	return True
-
-def main():
-	parser = argparse.ArgumentParser("CVE-2019-icmp.py",
-		description="CVE-2019-icmp test tool")
-	parser.add_argument('--sendif', nargs=1,
-		required=True,
-		help='The interface through which the packet will be sent')
-	parser.add_argument('--recvif', nargs=1,
-		required=True,
-		help='The interface on which to check for the packet')
-	parser.add_argument('--src', nargs=1,
-		required=True,
-		help='The source IP address')
-	parser.add_argument('--to', nargs=1,
-		required=True,
-		help='The destination IP address')
-
-	args = parser.parse_args()
-
-        # Send the allowed packet to establish state
-        udp = sp.Ether() / \
-            sp.IP(src=args.src[0], dst=args.to[0]) / \
-            sp.UDP(dport=53, sport=1234)
-        sp.sendp(udp, iface=args.sendif[0], verbose=False)
-
-	# Start sniffing on recvif
-	sniffer = Sniffer(args, check_icmp_error)
-
-	# Send the bad error packet
-	icmp_reachable = sp.Ether() / \
-            sp.IP(src=args.src[0], dst=args.to[0]) / \
-	    sp.ICMP(type=3, code=3) / \
-	    sp.IP(src=args.src[0], dst=args.to[0]) / \
-	    sp.UDP(dport=53, sport=1234)
-	sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False)
-
-	sniffer.join()
-	if sniffer.foundCorrectPacket:
-		sys.exit(1)
-
-	sys.exit(0)
-
-if __name__ == '__main__':
-	main()

More information about the dev-commits-src-all mailing list