Changeset 2a1eebc for lib/trace.c


Timestamp:
01/11/19 16:12:22 (22 months ago)
Author:
Shane Alcock <salcock@…>
Branches:
develop
Children:
ec19a99
Parents:
d83006c
Message:

Don't get unhappy if a pcap packet has a wire length of 65534

Our internal wire length calculation will add 4 bytes to the
pcap wire length, which means it is possible (albeit incredibly
unlikely) to have a pcap packet with a libtrace wire length >
LIBTRACE_PACKET_BUFSIZE (e.g. 65534 + 4 bytes > 65536).

Therefore, if we are a pcap packet, add an extra four bytes of
leeway when determining if a wire length is bogus or not.

Bug discovered by Perry using the afl fuzzer.

File:
1 edited

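--- a/lib/trace.c
+++ b/lib/trace.c
@@ -1431,4 +1431,6 @@
 DLLEXPORT size_t trace_get_wire_length(const libtrace_packet_t *packet){
 
+        size_t wiresub = 0;
+
         if (packet->which_trace_start != packet->trace->startcount) {
                 return ~0U;
@@ -1442,7 +1444,23 @@
         }
 
-        if (!(packet->cached.wire_length < LIBTRACE_PACKET_BUFSIZE)) {
-                fprintf(stderr, "Wire length is greater than the buffer size in trace_get_wire_length()\n");
-                return 0;
+        if (packet->type >= TRACE_RT_DATA_DLT && packet->type <=
+                        TRACE_RT_DATA_DLT_END) {
+
+                /* pcap wire lengths in libtrace include an extra four bytes
+                 * for the FCS (to be consistent with other formats that do
+                 * capture the FCS), but these bytes don't actually exist on
+                 * the wire. Therefore, we shouldn't get upset if our "wire"
+                 * length exceeds the max buffer size by four bytes or less.
+                 */
+                wiresub = 4;
+        } else {
+                wiresub = 0;
+        }
+
+        if (!(packet->cached.wire_length - wiresub < LIBTRACE_PACKET_BUFSIZE)) {
+                fprintf(stderr, "Wire length %zu exceeds expected maximum packet size of %d -- packet is likely corrupt.\n",
+                                packet->cached.wire_length - wiresub,
+                                LIBTRACE_PACKET_BUFSIZE);
+
                 /* should we be returning ~OU here? */
         }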
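Review bot: The new bounds check at line 1460 no longer returns after logging — the old `return 0;` was removed together with the old check and, as rendered, nothing replaces it before the closing brace at 1466, so a packet whose wire length exceeds the buffer size is reported as "likely corrupt" and then falls through to whatever the function returns below the hunk, which is the oversize length the check exists to keep away from callers. If that is unintended, restore an early return inside the block, e.g. `return 0;` after the fprintf (or `~0U`, which the surviving comment already asks about and which this function uses for the other invalid-packet case at line 1436). Separately, `packet->cached.wire_length - wiresub` is unsigned arithmetic, so a cached wire length below 4 on a pcap-typed packet would wrap and trip the check with a misleading value; comparing `packet->cached.wire_length < LIBTRACE_PACKET_BUFSIZE + wiresub` avoids the subtraction in both the condition and the log message. The body of trace_get_wire_length continues outside the hunk.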