search

Gui774ume / ebpfkit

ebpfkit is a rootkit powered by eBPF
Apache License 2.0
743 stars 85 forks source link

panic: runtime error: index out of range [32] with length 10 #5

Open yasindce1998 opened 2 years ago

yasindce1998 commented 2 years ago

I have installed everything successfully without any errors. But Still get when I run this


GET /get_net_dis HTTP/1.1
Host: localhost:8000
User-Agent: 0000_______________________________________________________________________________________________________________________________________________________________
_______________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________

2021/12/15 10:57:03 127.0.0.1:60878 - GET /get_net_dis - 404
DEBUG[2021-12-15T10:57:03Z] 
GET /get_fswatch HTTP/1.1
Host: localhost:8000
User-Agent: 0/ebpfkit/network_discovery#_______________________________________________________________________________________________________________________________________
_______________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________

2021/12/15 10:57:03 127.0.0.1:60878 - GET /get_fswatch - 404
panic: runtime error: index out of range [32] with length 10
goroutine 1 [running]:
github.com/Gui774ume/ebpfkit/cmd/ebpfkit-client/run/network_discovery.parseNetworkDiscoveryOutput(0xc000172000, 0xa, 0x200, 0x21, 0xc000169200, 0x1f4, 0xc000172000)
        /home/yasindce1998/ebpfkit/cmd/ebpfkit-client/run/network_discovery/get.go:61 +0x983
github.com/Gui774ume/ebpfkit/cmd/ebpfkit-client/run/network_discovery.SendGetNetworkDiscoveryRequest(0x84090e, 0x15, 0xc000040000, 0x0, 0x0)
        /home/yasindce1998/ebpfkit/cmd/ebpfkit-client/run/network_discovery/get.go:109 +0x1e0
github.com/Gui774ume/ebpfkit/cmd/ebpfkit-client/run.getNetworkDiscoveryCmd(0xb57b40, 0xc0000864c0, 0x0, 0x2, 0x0, 0x0)
        /home/yasindce1998/ebpfkit/cmd/ebpfkit-client/run/ebpfkit-client.go:164 +0x5f
github.com/spf13/cobra.(*Command).execute(0xb57b40, 0xc0000864a0, 0x2, 0x2, 0xb57b40, 0xc0000864a0)
        /home/yasindce1998/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:850 +0x460
github.com/spf13/cobra.(*Command).ExecuteC(0xb58080, 0x8c86c0, 0xc000094480, 0xc000068058)
        /home/yasindce1998/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
        /home/yasindce1998/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
        /home/yasindce1998/ebpfkit/cmd/ebpfkit-client/main.go:31 +0x8c```
It would be better if you give me some explanation about what's going on.
Thank you
tamilmaran5 commented 2 years ago

I'm facing the same issued kindly tell me the solution @Gui774ume

Gui774ume commented 2 years ago

Hey there 👋🏻

Thank you for reporting the bug. Please note that this repo was first and foremost a research project, we built it for a specific kernel version and environment and didn't plan any support for it. We wanted to prove that building a rootkit with eBPF was possible, not release an omnipotent one to the world.

That said, I'll try to have a look over the following weeks, but no promisses, I'm already swamped with my day job 😄

(in the meantime, if you want to prevent the panic, you could simply test that the remaining length of body in the parseNetworkDiscoveryOutput() function is at least 32 bytes in each iteration of the loop ...)

yasindce1998 commented 2 years ago

@Gui774ume Thank You for that. This repo helped me with my research.