From 8d7cbaa1f532bfe56adde20032cea3322b303005 Mon Sep 17 00:00:00 2001 From: Nardi Ivan Date: Wed, 2 Mar 2022 11:54:54 +0100 Subject: [PATCH] reader_util: fix parsing of MPLS packets ``` ==20492==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000578c at pc 0x55c47455e3ea bp 0x7ffc62ca1eb0 sp 0x7ffc62ca1ea8 READ of size 4 at 0x60300000578c thread T0 #0 0x55c47455e3e9 in ndpi_workflow_process_packet /home/ivan/svnrepos/nDPI/example/reader_util.c:1840:16 #1 0x55c47451b9cd in LLVMFuzzerTestOneInput /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:107:7 #2 0x55c47451c1ab in main /home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader.c:179:17 #3 0x7f661b50e0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #4 0x55c47445b54d in _start (/home/ivan/svnrepos/nDPI/fuzz/fuzz_ndpi_reader_with_main+0x61054d) (BuildId: eba4bb4cd43b7101e4f0028ec0fb79087bae0e37) 0x60300000578d is located 0 bytes to the right of 29-byte region [0x603000005770,0x60300000578d) ``` --- example/reader_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/example/reader_util.c b/example/reader_util.c index 1dc110e509f..a04f009db7c 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1837,6 +1837,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, case ETH_P_MPLS_UNI: case ETH_P_MPLS_MULTI: + if(ip_offset+4 >= (int)header->caplen) + return(nproto); mpls.u32 = *((uint32_t *) &packet[ip_offset]); mpls.u32 = ntohl(mpls.u32); workflow->stats.mpls_count++;