Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix undefined behavior in packet field setters #455

Merged
merged 1 commit into from Nov 27, 2020
Merged

Fix undefined behavior in packet field setters #455

merged 1 commit into from Nov 27, 2020

Conversation

tdryer
Copy link
Contributor

@tdryer tdryer commented Jul 27, 2020

It is currently possible to trigger undefined behavior in field setters
created by the packet macro, such as MutableIpv4Packet::set_payload,
by setting a buffer larger than the remaining space in the packet
buffer.

Fix this by replacing the unsafe copy_nonoverlapping call with
copy_from_slice. This function still compiles to memcpy, but
includes a range check which which will panic if the destination buffer
is too small.

Fixes #449. Fixes #411.

@kishiguro
Copy link
Contributor

CI failed with failed to load source for dependency ipnetwork...
Let me try to re-run CI for figuring out root cause.

@mrmonday mrmonday closed this Oct 9, 2020
@mrmonday mrmonday reopened this Oct 9, 2020
This was referenced Nov 27, 2020
Closed
Merged
@tdryer @mrmonday
Fix undefined behavior in packet field setters
dde31d2 
It is currently possible to trigger undefined behavior in field setters
created by the `packet` macro, such as `MutableIpv4Packet::set_payload`,
by setting a buffer larger than the remaining space in the packet
buffer.

Fix this by replacing the unsafe `copy_nonoverlapping` call with
`copy_from_slice`. This function still compiles to `memcpy`, but
includes a range check which which will panic if the destination buffer
is too small.

Fixes libpnet#449. Fixes libpnet#411.
@mrmonday
Copy link
Contributor

Just rebased this, hopefully CI will pass now.

@mrmonday
Copy link
Contributor

CI is taking too long, gonna merge this and test it locally.

@mrmonday mrmonday merged commit c5012d6 into libpnet:master Nov 27, 2020
@CodesInChaos CodesInChaos mentioned this pull request Nov 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Segfault in icmp send set_payload_length not labeled unsafe and does not check length of buffer
3 participants
@tdryer @kishiguro @mrmonday