File: decode_citrix.c

package info (click to toggle)
dsniff 2.4b1+debian-29
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 2,020 kB
  • sloc: ansic: 10,803; sh: 152; makefile: 126
file content (73 lines) | stat: -rw-r--r-- 1,366 bytes parent folder | download | duplicates (7)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/*
 * decode_citrix.c
 *
 * Citrix ICA.
 *
 * http://www.securityfocus.com/templates/archive.pike?list=1&date=200 \
 * 0-04-15&msg=Pine.BSO.4.20.0003290949280.2640-100000@naughty.monkey.org
 *
 * Thanks to Jeremie Kass <jeremie@monkey.org> for providing me with
 * traffic traces.
 *
 * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
 *
 * $Id: decode_citrix.c,v 1.5 2001/03/15 08:32:59 dugsong Exp $
 */

#include "config.h"

#include <sys/types.h>

#include <stdio.h>
#include <string.h>

#include "buf.h"
#include "decode.h"

static u_char ica_magic[] = { 0x32, 0x26, 0x85, 0x92, 0x58 };

int
decode_citrix(u_char *buf, int len, u_char *obuf, int olen)
{
	struct buf inbuf, outbuf;
	u_char key, c, t[2];
	int i;
	
	buf_init(&inbuf, buf, len);
	buf_init(&outbuf, obuf, olen);
	
	while ((i = buf_index(&inbuf, ica_magic, sizeof(ica_magic))) >= 0) {
		buf_skip(&inbuf, i);
		
		if (buf_len(&inbuf) < 60)
			break;
		
		buf_skip(&inbuf, 17);
		
		if (buf_get(&inbuf, &key, 1) != 1)
			break;
		
		buf_skip(&inbuf, 42);
		
		if (buf_get(&inbuf, &c, 1) != 1)
			break;

		c ^= ('C' | key);
		
		buf_put(&outbuf, &c, 1);
		
		i = 0;
		while (buf_get(&inbuf, t, 2) == 2) {
			c = t[0] ^ t[1] ^ key;
			
			if (c == '\0') {
				buf_put(&outbuf, "\n", 1);
				if (++i > 2) break;
			}
			buf_put(&outbuf, &c, 1);
		}
	}
	buf_end(&outbuf);
	
	return (buf_len(&outbuf));
}