Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Consider cap len when forwarding into packet analysis.

Browse source 
When forwarding into packet analysis from TCP or UDP, the protocol's
length fields were trusted. This might be dangerous in case of truncated
packets.
This commit is contained in:
Jan Grashoefer 2023-03-30 15:47:01 +02:00
parent 136d54a68e
commit fb2042ca76
3 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/packet_analysis/protocol/tcp/TCP.cc
View file

@ -125,7 +125,7 @@ void TCPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
pkt->session = c;
// Send the packet back into the packet analysis framework.
ForwardPacket(len, data, pkt);
ForwardPacket(std::min(len, remaining), data, pkt);
// Call DeliverPacket on the adapter directly here. Normally we'd call ForwardPacket
// but this adapter does some other things in its DeliverPacket with the packet children