author | Toni Uhlig <matzeton@googlemail.com> | 2024-11-24 11:18:38 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2025-02-25 12:24:26 +0100 |
commit | b3282eee7c5bbfc3f3221943001a9c41e7886a7b (patch) | |
tree | d70d6259c797dbf08a771482622d86f10666fa13 | |
parent | 640a6b3d6d46eff60f53ce9e50db0484df2f526c (diff) |
Added length check's to fix some heap overflow
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | nDPId.c | 26 |
1 files changed, 24 insertions, 2 deletions
@@ -3496,7 +3496,21 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre case DLT_NULL: { /* DLT header values can be stored as big or little endian. */ - + if (header->caplen < sizeof(uint32_t)) + { + if (is_error_event_threshold(reader_thread->workflow) == 0) + { + jsonize_error_eventf(reader_thread, + PACKET_TOO_SHORT, + "%s%u %s%zu", + "size", + header->caplen, + "expected", + sizeof(uint32_t)); + jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD); + } + return 1; + } uint32_t dlt_hdr = *((uint32_t const *)&packet[eth_offset]); if (dlt_hdr == 0x02000000 || dlt_hdr == 0x02) @@ -4116,11 +4130,19 @@ process_layer3_again: { ip = (struct ndpi_iphdr *)&packet[ip_offset]; ip6 = NULL; + if (header->caplen < ip_offset + sizeof(*ip)) + { + return; + } } else if (type == ETH_P_IPV6) { ip = NULL; ip6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; + if (header->caplen < ip_offset + sizeof(*ip6)) + { + return; + } } else { @@ -4247,7 +4269,7 @@ process_layer3_again: /* process intermediate protocols i.e. layer4 tunnel protocols */ if (IS_CMDARG_SET(nDPId_options.decode_tunnel) != 0 && flow_basic.l4_protocol == IPPROTO_GRE) { - uint32_t offset = is_valid_gre_tunnel(header, packet, l4_ptr); + uint32_t const offset = is_valid_gre_tunnel(header, packet, l4_ptr); if (offset == 0) { |
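Review bot: The new DLT_NULL guard compares `header->caplen` with `sizeof(uint32_t)` alone, while the read it protects is taken at `&packet[eth_offset]`, so the bound only holds when `eth_offset` is zero. Its definition is outside the hunk; if it can ever be non-zero, the guard should include it, `if (header->caplen < eth_offset + sizeof(uint32_t))`, and the "expected" value passed to `jsonize_error_eventf` should use the same expression. If it is always zero, a one-line comment next to the check, such as `/* eth_offset is 0 here, so caplen alone bounds the read */`, would keep the bound from going stale. process_datalink_layer's body continues outside the hunk.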
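Review bot: Both new layer-3 guards drop the packet with a bare `return;`, so a frame truncated before the end of the IPv4 or IPv6 header leaves no error event, unlike the DLT_NULL guard in the first hunk, which reports `PACKET_TOO_SHORT`. Truncated headers are the input that previously caused the over-read, so an operator would want them to be counted and visible rather than silently discarded. Assuming `reader_thread` is in scope here (the enclosing function starts outside the hunk), the guards could report before returning, as sketched below for the IPv4 branch. The guards also cover only the fixed header size; whether IPv4 options and the layer-4 header are bounded later is not visible in this hunk.

```c
ip = (struct ndpi_iphdr *)&packet[ip_offset];
ip6 = NULL;
if (header->caplen < ip_offset + sizeof(*ip))
{
    /* report the truncated packet the same way the DLT_NULL path does */
    if (is_error_event_threshold(reader_thread->workflow) == 0)
    {
        jsonize_error_eventf(reader_thread,
                             PACKET_TOO_SHORT,
                             "%s%u %s%zu",
                             "size",
                             header->caplen,
                             "expected",
                             ip_offset + sizeof(*ip));
    }
    return;
}
// … unchanged: ETH_P_IPV6 branch, same pattern with sizeof(*ip6) …
```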