-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unsafe access by index may panic #6
Comments
I suggest adding check in the packet function ensuring the message length is at least 240 bytes. |
This should fixed in 0.2.0 (we use nom now), I've made a PR to update sniffglue: kpcyrd/sniffglue#61 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've fuzzed sniffglue with cargo-fuzz for a couple of days and it discovered a panic in the packet processing. The panic occures inside dhcp4r, which is used for dhcp decoding. The problem seems to be an out of range access in
dhcp4r::packet::decode
.The packet that triggers the bug can be found here: kpcyrd/sniffglue#16
You may want to look into nom, as it's easier to decode packets and you get length checks for free. :)
The text was updated successfully, but these errors were encountered: