Add a number of out_of_bound checks to Packet.cc

Mostly this verifies that we actually have the full headers that we are trying to read in a packet. Addresses BIT-1463
2025-10-16 21:48:21 +00:00 · 2015-08-31 12:58:25 -07:00 · 2015-08-31 12:58:25 -07:00 · fd6f9e470f
commit fd6f9e470f
parent 710409507c
4 changed files with 62 additions and 10 deletions
--- a/testing/btest/Baseline/core.truncation/output
+++ b/testing/btest/Baseline/core.truncation/output
@ -3,38 +3,48 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2012-04-11-16-01-35
+#open	2015-08-31-19-57-29
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
-#close	2012-04-11-16-01-35
+#close	2015-08-31-19-57-29
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2012-04-11-14-57-21
+#open	2015-08-31-19-57-30
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
-#close	2012-04-11-14-57-21
+#close	2015-08-31-19-57-30
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2012-04-10-21-50-48
+#open	2015-08-31-19-57-31
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro
-#close	2012-04-10-21-50-48
+#close	2015-08-31-19-57-31
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2012-05-29-22-02-34
+#open	2015-08-31-19-57-32
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1338328954.078361	-	-	-	-	-	internally_truncated_header	-	F	bro
-#close	2012-05-29-22-02-34
+#close	2015-08-31-19-57-32
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open	2015-08-31-19-57-33
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+0.000000	-	-	-	-	-	truncated_header	-	F	bro
+#close	2015-08-31-19-57-33
--- a/testing/btest/Traces/trunc/trunc-hdr.pcap
+++ b/testing/btest/Traces/trunc/trunc-hdr.pcap
--- a/testing/btest/core/truncation.test
+++ b/testing/btest/core/truncation.test
@ -19,4 +19,10 @@

 # @TEST-EXEC: bro -r $TRACES/trunc/icmp-header-trunc.pcap
 # @TEST-EXEC: cat weird.log >> output
+
+# Truncated packets where the captured length is less than the length required
+# for the packet header should also raise a Weird
+# @TEST-EXEC: bro -r $TRACES/trunc/trunc-hdr.pcap
+# @TEST-EXEC: cat weird.log >> output
+
 # @TEST-EXEC: btest-diff output