From 743ab4bab9a36d497e7c6d3bb3fea7900ed740b1 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Tue, 24 Dec 2024 07:55:41 +0000
Subject: [PATCH 1/6] Fix vuln OSV-2024-1009
---
 Packet++/src/Layer.cpp | 5 +++++
 Packet++/src/TextBasedProtocol.cpp | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/Packet++/src/Layer.cpp b/Packet++/src/Layer.cpp
index ce1b0d6afa..281a2aaeb0 100644
--- a/Packet++/src/Layer.cpp
+++ b/Packet++/src/Layer.cpp
@@ -97,6 +97,11 @@ namespace pcpp
 {
 if ((size_t)offsetInLayer >= m_DataLen)
 {
+ if ((size_t)(offsetInLayer + numOfBytesToShorten) > m_DataLen)
+ {
+ PCPP_LOG_ERROR("Requested range exceeds data length");
+ return false;
+ }
 PCPP_LOG_ERROR("Requested offset is larger than data length");
 return false;
 }
diff --git a/Packet++/src/TextBasedProtocol.cpp b/Packet++/src/TextBasedProtocol.cpp
index 1d35996384..3e32d374f6 100644
--- a/Packet++/src/TextBasedProtocol.cpp
+++ b/Packet++/src/TextBasedProtocol.cpp
@@ -298,6 +298,11 @@ namespace pcpp
 std::string fieldName = fieldToRemove->getFieldName();
 // shorten layer and delete this field
+ if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
+ {
+ PCPP_LOG_ERROR("Field range exceeds message length");
+ return false;
+ }
 if (!shortenLayer(fieldToRemove->m_NameOffsetInMessage, fieldToRemove->getFieldSize()))
 {
 PCPP_LOG_ERROR("Cannot shorten layer");
From 34b065e66d8fff4c0793dd5858c81baef6492cd0 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Sat, 4 Jan 2025 20:06:14 +0800
Subject: [PATCH 2/6] Fix format err
---
 Packet++/src/Layer.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Packet++/src/Layer.cpp b/Packet++/src/Layer.cpp
index 281a2aaeb0..433c8ca514 100644
--- a/Packet++/src/Layer.cpp
+++ b/Packet++/src/Layer.cpp
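Review bot: In Packet++/src/Layer.cpp (PATCH 1/6) the added range check sits inside the `if ((size_t)offsetInLayer >= m_DataLen)` block, so it runs only when the offset is already out of bounds and both paths return false; an in-range offset with an oversized `numOfBytesToShorten` is never tested. PATCH 4/6 later removes the check, which leaves the visible part of this function (presumably `shortenLayer`; its start and the rest of its body are outside the hunk) validating the offset only. If nothing further down bounds the length, consider adding the test after the offset check so every caller is covered, using the subtraction form `if (numOfBytesToShorten > m_DataLen - (size_t)offsetInLayer)` with the same log-and-`return false` handling, which also avoids adding two values before the cast.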
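Review bot: In Packet++/src/TextBasedProtocol.cpp (PATCH 1/6) the new guard before `shortenLayer` compares the sum `m_NameOffsetInMessage + getFieldSize()` with `m_DataLen`, and a sum can wrap or be converted from a negative value if the offset is a signed int (its declaration is not shown), so an inconsistent field could still pass. Comparing by subtraction avoids that: `size_t off = (size_t)fieldToRemove->m_NameOffsetInMessage;` followed by `if (off > m_DataLen || fieldToRemove->getFieldSize() > m_DataLen - off)`. A one-line comment such as `// reject a field whose recorded range falls outside the layer data` would say why the check precedes the shorten call. The enclosing function starts and ends outside the hunk, and the guard protects only this call site.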
@@ -97,11 +97,11 @@ namespace pcpp
 {
 if ((size_t)offsetInLayer >= m_DataLen)
 {
- if ((size_t)(offsetInLayer + numOfBytesToShorten) > m_DataLen)
- {
- PCPP_LOG_ERROR("Requested range exceeds data length");
- return false;
- }
+ if ((size_t)(offsetInLayer + numOfBytesToShorten) > m_DataLen)
+ {
+ PCPP_LOG_ERROR("Requested range exceeds data length");
+ return false;
+ }
 PCPP_LOG_ERROR("Requested offset is larger than data length");
 return false;
 }
From b3b7a578d5127f40b86aa6c917195b71794f7a57 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Sat, 4 Jan 2025 20:06:47 +0800
Subject: [PATCH 3/6] Fix format err
---
 Packet++/src/TextBasedProtocol.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Packet++/src/TextBasedProtocol.cpp b/Packet++/src/TextBasedProtocol.cpp
index 3e32d374f6..f111c2d08f 100644
--- a/Packet++/src/TextBasedProtocol.cpp
+++ b/Packet++/src/TextBasedProtocol.cpp
@@ -298,11 +298,11 @@ namespace pcpp
 std::string fieldName = fieldToRemove->getFieldName();
 // shorten layer and delete this field
- if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
- {
- PCPP_LOG_ERROR("Field range exceeds message length");
- return false;
- }
+ if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
+ {
+ PCPP_LOG_ERROR("Field range exceeds message length");
+ return false;
+ }
 if (!shortenLayer(fieldToRemove->m_NameOffsetInMessage, fieldToRemove->getFieldSize()))
 {
 PCPP_LOG_ERROR("Cannot shorten layer");
From ea0423c11bac879dfa09b9a9b50e1156c36b37f3 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Sat, 4 Jan 2025 20:28:26 +0800
Subject: [PATCH 4/6] Remove useless checks
---
 Packet++/src/Layer.cpp | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/Packet++/src/Layer.cpp b/Packet++/src/Layer.cpp
index 433c8ca514..ce1b0d6afa 100644
--- a/Packet++/src/Layer.cpp
+++ b/Packet++/src/Layer.cpp
@@ -97,11 +97,6 @@ namespace pcpp
 {
 if ((size_t)offsetInLayer >= m_DataLen)
 {
- if ((size_t)(offsetInLayer + numOfBytesToShorten) > m_DataLen)
- {
- PCPP_LOG_ERROR("Requested range exceeds data length");
- return false;
- }
 PCPP_LOG_ERROR("Requested offset is larger than data length");
 return false;
 }
From 066d29d0f5855b459b81b9cf85263150430dfd0d Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Sat, 4 Jan 2025 21:32:28 +0800
Subject: [PATCH 5/6] Fix format err
---
 Packet++/src/TextBasedProtocol.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/Packet++/src/TextBasedProtocol.cpp b/Packet++/src/TextBasedProtocol.cpp
index f111c2d08f..7fb6f14c0c 100644
--- a/Packet++/src/TextBasedProtocol.cpp
+++ b/Packet++/src/TextBasedProtocol.cpp
@@ -296,13 +296,14 @@ namespace pcpp
 }
 std::string fieldName = fieldToRemove->getFieldName();
-
- // shorten layer and delete this field
+
 if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
 {
- PCPP_LOG_ERROR("Field range exceeds message length");
- return false;
+ PCPP_LOG_ERROR("Field range exceeds message length");
+ return false;
 }
+
+ // shorten layer and delete this field
 if (!shortenLayer(fieldToRemove->m_NameOffsetInMessage, fieldToRemove->getFieldSize()))
 {
 PCPP_LOG_ERROR("Cannot shorten layer");
From 43b241f374684871b54460a9af2bd4002ee0bc3b Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Thu, 16 Jan 2025 13:34:04 +0800
Subject: [PATCH 6/6] Fix format err
---
 Packet++/src/TextBasedProtocol.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Packet++/src/TextBasedProtocol.cpp b/Packet++/src/TextBasedProtocol.cpp
index 7fb6f14c0c..8dcface42e 100644
--- a/Packet++/src/TextBasedProtocol.cpp
+++ b/Packet++/src/TextBasedProtocol.cpp
@@ -297,11 +297,11 @@ namespace pcpp
 std::string fieldName = fieldToRemove->getFieldName();
- if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
- {
+ if ((fieldToRemove->m_NameOffsetInMessage + fieldToRemove->getFieldSize()) > m_DataLen)
+ {
 PCPP_LOG_ERROR("Field range exceeds message length");
 return false;
- }
+ }
 // shorten layer and delete this field
 if (!shortenLayer(fieldToRemove->m_NameOffsetInMessage, fieldToRemove->getFieldSize()))