diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-03-02 15:14:41 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-02 15:14:41 +0100 |
| commit | 6f431057c5e11ce24dc88a43b681e9ba9aa5a0e1 (patch) | |
| tree | b025087b8aaaf220e22f513fecdf8debb7917a32 /example | |
| parent | e8559a4127a75993655a75e0595c76378873ae51 (diff) | |
reader_util: fix parsing of MPLS packets (#1467)
```
==20492==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000578c at pc 0x55c47455e3ea bp 0x7ffc62ca1eb0 sp 0x7ffc62ca1ea8
READ of size 4 at 0x60300000578c thread T0
#0 0x55c47455e3e9 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:1840:16
#1 0x55c47451b9cd in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:107:7
#2 0x55c47451c1ab in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:179:17
#3 0x7f661b50e0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
#4 0x55c47445b54d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x61054d) (BuildId: eba4bb4cd43b7101e4f0028ec0fb79087bae0e37)
0x60300000578d is located 0 bytes to the right of 29-byte region [0x603000005770,0x60300000578d)
```
Diffstat (limited to 'example')
| -rw-r--r-- | example/reader_util.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 1dc110e50..a04f009db 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1837,6 +1837,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, case ETH_P_MPLS_UNI: case ETH_P_MPLS_MULTI: + if(ip_offset+4 >= (int)header->caplen) + return(nproto); mpls.u32 = *((uint32_t *) &packet[ip_offset]); mpls.u32 = ntohl(mpls.u32); workflow->stats.mpls_count++; |