authorToni Uhlig <matzeton@googlemail.com>2024-11-24 11:18:38 +0100
committerToni Uhlig <matzeton@googlemail.com>2025-02-25 12:24:26 +0100
commitb3282eee7c5bbfc3f3221943001a9c41e7886a7b (patch)
treed70d6259c797dbf08a771482622d86f10666fa13
parent640a6b3d6d46eff60f53ce9e50db0484df2f526c (diff)
Added length check's to fix some heap overflow
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--nDPId.c26
1 files changed, 24 insertions, 2 deletions
diff --git a/nDPId.c b/nDPId.c
index b3574a560..ff8108276 100644
--- a/nDPId.c
+++ b/nDPId.c
@@ -3496,7 +3496,21 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_NULL:
{
/* DLT header values can be stored as big or little endian. */
-
+ if (header->caplen < sizeof(uint32_t))
+ {
+ if (is_error_event_threshold(reader_thread->workflow) == 0)
+ {
+ jsonize_error_eventf(reader_thread,
+ PACKET_TOO_SHORT,
+ "%s%u %s%zu",
+ "size",
+ header->caplen,
+ "expected",
+ sizeof(uint32_t));
+ jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
+ }
+ return 1;
+ }
uint32_t dlt_hdr = *((uint32_t const *)&packet[eth_offset]);
if (dlt_hdr == 0x02000000 || dlt_hdr == 0x02)
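Review bot: The new length check compares `header->caplen` against `sizeof(uint32_t)` only, while the read that follows indexes `packet[eth_offset]`, so the guard is sufficient only if `eth_offset` is always 0 at this point. Its definition is outside the hunk; if it can be nonzero, the condition should be `if (header->caplen < eth_offset + sizeof(uint32_t))`, with the reported "expected" value changed to match. Separately, the DLT header is still loaded through a cast to `uint32_t const *`, which relies on `packet` being suitably aligned; copying with `memcpy(&dlt_hdr, &packet[eth_offset], sizeof(dlt_hdr));` into a local avoids that. The `case DLT_NULL` block continues past the end of the hunk.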
@@ -4116,11 +4130,19 @@ process_layer3_again:
{
ip = (struct ndpi_iphdr *)&packet[ip_offset];
ip6 = NULL;
+ if (header->caplen < ip_offset + sizeof(*ip))
+ {
+ return;
+ }
}
else if (type == ETH_P_IPV6)
{
ip = NULL;
ip6 = (struct ndpi_ipv6hdr *)&packet[ip_offset];
+ if (header->caplen < ip_offset + sizeof(*ip6))
+ {
+ return;
+ }
}
else
{
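Review bot: Both new `caplen` checks, in the `ETH_P_IP` and `ETH_P_IPV6` branches, end in a bare `return;`, so a truncated layer-3 header is dropped without any error event, unlike the DLT_NULL check added in the same commit, which reports `PACKET_TOO_SHORT`. Truncated or malformed headers are something an operator wants to see in the event stream, so I would report them the same way before returning, assuming `reader_thread` is in scope in this function (its start is outside the hunk) and using a more specific error event if the project defines one. The checks also cover only the fixed header size, `sizeof(*ip)` and `sizeof(*ip6)`; whether IPv4 options or IPv6 extension headers are bounded against `caplen` later is not visible here and is worth confirming.

```c
if (header->caplen < ip_offset + sizeof(*ip))
{
    /* Report the truncated header like the DLT_NULL check does, then drop the packet. */
    if (is_error_event_threshold(reader_thread->workflow) == 0)
    {
        jsonize_error_eventf(reader_thread,
                             PACKET_TOO_SHORT,
                             "%s%u %s%zu",
                             "size",
                             header->caplen,
                             "expected",
                             ip_offset + sizeof(*ip));
        jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
    }
    return;
}
/* … same reporting in the ETH_P_IPV6 branch, with sizeof(*ip6) … */
```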
@@ -4247,7 +4269,7 @@ process_layer3_again:
/* process intermediate protocols i.e. layer4 tunnel protocols */
if (IS_CMDARG_SET(nDPId_options.decode_tunnel) != 0 && flow_basic.l4_protocol == IPPROTO_GRE)
{
- uint32_t offset = is_valid_gre_tunnel(header, packet, l4_ptr);
+ uint32_t const offset = is_valid_gre_tunnel(header, packet, l4_ptr);
if (offset == 0)
{