Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

UDP: don't validate checksum if caplen < len

Browse source 
This may happen with truncated packets and will cause asan builds to bail out
before the packet can be forwarded along. The TCP analyzer already has this
check, but it's missing for UDP.
This commit is contained in:
Tim Wojtulewicz 2023-04-28 11:19:35 -07:00 committed by Arne Welzel
parent b8313c2487
commit 47ff5a4f61
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/packet_analysis/protocol/udp/UDP.cc
View file

@ -109,7 +109,7 @@ void UDPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
auto validate_checksum = ! run_state::current_pkt->l4_checksummed &&
! zeek::detail::ignore_checksums &&
! GetIgnoreChecksumsNets()->Contains(ip->IPHeaderSrcAddr()) &&
remaining >= len;
remaining >= len && pkt->len <= pkt->cap_len;
constexpr auto vxlan_len = 8;
constexpr auto eth_len = 14;