aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-03-25 19:19:51 +0100
committerGitHub <noreply@github.com>2023-03-25 19:19:51 +0100
commit04a426feef3399a2354b4aa10ee2a28cf107fb45 (patch)
tree98356206089be2fc1aef768cad9c1fc59dd1cff8
parentddb9aa0f95ba263361b9be2ba0a122ea1e001be9 (diff)
ndpiReader: fix VXLAN de-tunneling (#1913)
``` ==20665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000aec81 at pc 0x0000004f5c6f bp 0x7fff07e9e1f0 sp 0x7fff07e9e1e8 READ of size 1 at 0x6040000aec81 thread T0 SCARINESS: 12 (1-byte-read-heap-buffer-overflow) #0 0x4f5c6e in ndpi_is_valid_vxlan ndpi/example/reader_util.c:1784:6 #1 0x4f5c6e in ndpi_workflow_process_packet ndpi/example/reader_util.c:2292:16 #2 0x4dd821 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_ndpi_reader.c:135:7 #3 0x4f91ba in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:234:7 #4 0x4f8f8c in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:318:12 #5 0x7f2289324082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16 #6 0x41e6cd in _start ``` Found by oss-fuzz. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57369
Diffstat
1 files changed, 1 insertions, 1 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index f5705bec0..678b454b7 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1746,7 +1746,7 @@ int ndpi_is_datalink_supported(int datalink_type) {
}
static bool ndpi_is_valid_vxlan(const struct pcap_pkthdr *header, const u_char *packet, u_int16_t ip_offset, u_int16_t ip_len){
- if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_vxlanhdr)) {
+ if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr) + sizeof(struct ndpi_vxlanhdr)) {
return false;
}
u_int32_t vxlan_dst_port = ntohs(4789);
Powered by cgit, Themed by Ted Yin.