Consider cap len when forwarding into packet analysis.

When forwarding into packet analysis from TCP or UDP, the protocol's
length fields were trusted. This might be dangerous in case of truncated
packets.
Jan Grashoefer 2023-03-30 15:47:01 +02:00
parent 136d54a68e
commit fb2042ca76
3 changed files with 6 additions and 4 deletions

@ -223,7 +223,7 @@ void UDPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
// port here because the orig/resp should have already swapped around based on
// likely_server_ports. This also prevents us from processing things twice if protocol
// detection has to be used.
ForwardPacket(len, data, pkt, ntohs(c->RespPort()));
ForwardPacket(std::min(len, remaining), data, pkt, ntohs(c->RespPort()));
// Also try sending it into session analysis.
if ( remaining >= len )
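
Review bot: The new ForwardPacket call passes std::min(len, remaining) with no guard for a zero or negative result. remaining is a signed int in the DeliverPacket signature, and nothing in the visible lines shows it being checked before this point. Consider computing the capped length once into a named local, skipping the forward when it is not positive, and reusing that value alongside the `if ( remaining >= len )` session-analysis check so both paths agree on what counts as a truncated packet. Note also that session analysis is skipped entirely on truncation while packet analysis now receives a shortened buffer; if that asymmetry is intended, say so in the comment above the call, which currently explains only the port choice and not why the length is capped at the captured bytes.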