Small change to avoid potentially over reading memory.

Seth Hall 2017-02-03 12:34:39 -08:00
parent 59f0477d29
commit d32e4b25f1


@ -508,8 +508,11 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
uint16 flags_ver = ntohs(*((uint16*)(data + 0))); uint16 flags_ver = ntohs(*((uint16*)(data + 0)));
uint16 proto_typ = ntohs(*((uint16*)(data + 2))); uint16 proto_typ = ntohs(*((uint16*)(data + 2)));
int gre_version = flags_ver & 0x0007; int gre_version = flags_ver & 0x0007;
// If a carried packet has ethernet, this will help skip it. // If a carried packet has ethernet, this will help skip it.
unsigned int eth_len = 0; unsigned int eth_len = 0;
unsigned int gre_len = gre_header_len(flags_ver);
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( gre_version != 0 && gre_version != 1 ) if ( gre_version != 0 && gre_version != 1 )
{ {
@ -520,11 +523,11 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
if ( gre_version == 0 ) if ( gre_version == 0 )
{ {
if ( proto_typ == 0x6558 ) if ( proto_typ == 0x6558 && len > gre_len + 14 )
{ {
// transparent ethernet bridging // transparent ethernet bridging
eth_len = 14; eth_len = 14;
proto_typ = ntohs(*((uint16*)(data + gre_header_len(flags_ver) + 12))); proto_typ = ntohs(*((uint16*)(data + gre_len + 12)));
} }
if ( proto_typ == 0x0800 ) if ( proto_typ == 0x0800 )
@ -567,9 +570,6 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return; return;
} }
unsigned int gre_len = gre_header_len(flags_ver);
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( len < gre_len + ppp_len + eth_len || caplen < gre_len + ppp_len + eth_len ) if ( len < gre_len + ppp_len + eth_len || caplen < gre_len + ppp_len + eth_len )
{ {
Weird("truncated_GRE", ip_hdr, encapsulation); Weird("truncated_GRE", ip_hdr, encapsulation);
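Review bot: The new guard on the transparent-ethernet-bridging branch (`proto_typ == 0x6558 && len > gre_len + 14`) bounds the read at `data + gre_len + 12` by `len` only, while the truncation check at the end of this section tests both `len` and `caplen`. If `caplen` can be smaller than `len` at this point (for example a capture cut short by a snap length, which that later check suggests), the two-byte read can still run past the captured bytes. I would test the captured length as well: `if ( proto_typ == 0x6558 && len > gre_len + 14 && caplen > gre_len + 14 )`. When the guard fails, `proto_typ` stays 0x6558 and `eth_len` stays 0, so a short comment naming the later branch that reports such a packet would help. That branch, like the rest of DoNextPacket, lies outside the visible hunks.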