From 6941e44aba47192a6a6440114a56dd5e5f8df702 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 24 May 2023 16:38:33 +0200 Subject: [PATCH] packet_analysis/TCP: Do not use untrusted len for DeliverPacket() We should not be passing the untrusted TCP header length into DeliverPacket(). Also, DeliverPacket() cap len parameter should be the capture length of the packet, not remaining data. --- src/packet_analysis/protocol/tcp/TCP.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/packet_analysis/protocol/tcp/TCP.cc b/src/packet_analysis/protocol/tcp/TCP.cc index 6d6dfc4dbb..7df5236048 100644 --- a/src/packet_analysis/protocol/tcp/TCP.cc +++ b/src/packet_analysis/protocol/tcp/TCP.cc @@ -130,7 +130,8 @@ void TCPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai // Call DeliverPacket on the adapter directly here. Normally we'd call ForwardPacket // but this adapter does some other things in its DeliverPacket with the packet children // analyzers. - adapter->DeliverPacket(len, data, is_orig, adapter->LastRelDataSeq(), ip.get(), remaining); + adapter->DeliverPacket(remaining, data, is_orig, adapter->LastRelDataSeq(), ip.get(), + pkt->cap_len); } const struct tcphdr* TCPAnalyzer::ExtractTCP_Header(const u_char*& data, int& len, int& remaining,