Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix for the recent patch that allows segment offloaded packets.

Browse source 
We recently added support for segment offloaded packets. It turns out
that this can lead to problems in UDP/ICMP based parsers since I missed
correctly also updating the payloadlength there, and using the capture
length instead when segment offloading is enabled.

Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41391
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41394
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41395
(Link to details becomes public 30 days after patch release)
This commit is contained in:
Johanna Amann 2021-11-30 18:24:03 +00:00 committed by Tim Wojtulewicz
parent 6a5b51eba8
commit 94ee837398
4 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
CHANGES
View file

@ -1,3 +1,18 @@
4.2.0-dev.394 | 2021-11-30 11:53:35 -0700
* Fix for the recent patch that allows segment offloaded packets. (Johanna Amann, Corelight)
We recently added support for segment offloaded packets. It turns out
that this can lead to problems in UDP/ICMP based parsers since I missed
correctly also updating the payloadlength there, and using the capture
length instead when segment offloading is enabled.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41391
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41394
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41395
(Link to details becomes public 30 days after patch release)
4.2.0-dev.393 | 2021-11-29 13:46:59 -0700 4.2.0-dev.393 | 2021-11-29 13:46:59 -0700
* Fix a number of Coverity findings (Tim Wojtulewicz, Corelight) * Fix a number of Coverity findings (Tim Wojtulewicz, Corelight)

2
VERSION
View file

@ -1 +1 @@
4.2.0-dev.393 4.2.0-dev.394

4
src/packet_analysis/protocol/icmp/ICMP.cc
View file

@ -67,6 +67,10 @@ void ICMPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int rema
const u_char* data = pkt->ip_hdr->Payload(); const u_char* data = pkt->ip_hdr->Payload();
int len = pkt->ip_hdr->PayloadLen(); int len = pkt->ip_hdr->PayloadLen();
// If segment offloading or similar is enabled, the payload len will return 0.
// Thus, let's ignore that case.
if ( len == 0 )
len = remaining;
if ( packet_contents && len > 0 ) if ( packet_contents && len > 0 )
adapter->PacketContents(data + 8, std::min(len, remaining) - 8); adapter->PacketContents(data + 8, std::min(len, remaining) - 8);

4
src/packet_analysis/protocol/udp/UDP.cc
View file

@ -84,6 +84,10 @@ void UDPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
const u_char* data = pkt->ip_hdr->Payload(); const u_char* data = pkt->ip_hdr->Payload();
int len = pkt->ip_hdr->PayloadLen(); int len = pkt->ip_hdr->PayloadLen();
// If segment offloading or similar is enabled, the payload len will return 0.
// Thus, let's ignore that case.
if ( len == 0 )
len = remaining;
const struct udphdr* up = (const struct udphdr*)data; const struct udphdr* up = (const struct udphdr*)data;
const std::shared_ptr<IP_Hdr>& ip = pkt->ip_hdr; const std::shared_ptr<IP_Hdr>& ip = pkt->ip_hdr;