Fix for the recent patch that allows segment offloaded packets.

We recently added support for segment offloaded packets. It turns out
that this can lead to problems in UDP/ICMP based parsers since I missed
correctly also updating the payload length there, and using the capture
length instead when segment offloading is enabled.

Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41391
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41394
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41395
(Link to details becomes public 30 days after patch release)
Johanna Amann 2021-11-30 18:24:03 +00:00 committed by Tim Wojtulewicz
parent 6a5b51eba8
commit 94ee837398
4 changed files with 24 additions and 1 deletions


@ -67,6 +67,10 @@ void ICMPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int rema
const u_char* data = pkt->ip_hdr->Payload();
int len = pkt->ip_hdr->PayloadLen();
// If segment offloading or similar is enabled, the payload len will return 0.
// Thus, let's ignore that case.
if ( len == 0 )
len = remaining;
if ( packet_contents && len > 0 )
adapter->PacketContents(data + 8, std::min(len, remaining) - 8);
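Review bot: the new fallback `if ( len == 0 ) len = remaining;` does not close the short-buffer case in the call that follows it: the guard `if ( packet_contents && len > 0 )` still admits a `remaining` of 1..7 bytes, so `std::min(len, remaining) - 8` becomes negative and a negative length is handed to `adapter->PacketContents()`. Suggest tightening the guard to the number of bytes actually available, e.g. `if ( packet_contents && std::min(len, remaining) >= 8 )`, which also covers the pre-existing path where `len` came from `PayloadLen()`. Additionally, the comment "the payload len will return 0 ... let's ignore that case" would be clearer if it said what is being done instead, as the commit message does: when segment offloading leaves the IP payload length at 0, fall back to the capture length (`remaining`).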