Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Small change to avoid potentially over reading memory.

Browse source
This commit is contained in:
Seth Hall 2017-02-03 12:34:39 -08:00
parent 59f0477d29
commit d32e4b25f1
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/Sessions.cc
View file

@ -508,8 +508,11 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
uint16 flags_ver = ntohs(*((uint16*)(data + 0)));
uint16 proto_typ = ntohs(*((uint16*)(data + 2)));
int gre_version = flags_ver & 0x0007;
// If a carried packet has ethernet, this will help skip it.
unsigned int eth_len = 0;
unsigned int gre_len = gre_header_len(flags_ver);
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( gre_version != 0 && gre_version != 1 )
{
@ -520,11 +523,11 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
if ( gre_version == 0 )
{
if ( proto_typ == 0x6558 )
if ( proto_typ == 0x6558 && len > gre_len + 14 )
{
// transparent ethernet bridging
eth_len = 14;
proto_typ = ntohs(*((uint16*)(data + gre_header_len(flags_ver) + 12)));
proto_typ = ntohs(*((uint16*)(data + gre_len + 12)));
}
if ( proto_typ == 0x0800 )
@ -567,9 +570,6 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return;
}
unsigned int gre_len = gre_header_len(flags_ver);
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( len < gre_len + ppp_len + eth_len || caplen < gre_len + ppp_len + eth_len )
{
Weird("truncated_GRE", ip_hdr, encapsulation);