apernet / OpenGFW

OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux
https://gfw.dev/
Mozilla Public License 2.0

Panic is triggered by non-DNS packet (?) #60

Closed taida957789 closed 6 months ago

taida957789 commented 6 months ago

[image]

taida957789 commented 6 months ago

It seems to be a problem with gopacket processing non-DNS packets (e.g. DHCP ACK). You may use recover() to handle the panic when any panic is triggered in the packet parser.

There is no buffer size checking in the DNSQuestion.decode function. [image]

tobyxdd commented 6 months ago

Oops, I had no idea that gopacket would just panic on invalid packets like that. Perhaps the best solution would be to fix DNSQuestion.decode ourselves with a fork and submit a PR?

taida957789 commented 6 months ago

Yes, I think so, but from the point of view of using the library, do we need to consider adding a fault-tolerance mechanism to the analyzer?

tobyxdd commented 6 months ago

Turns out the latest version of gopacket already has this fix. I will just upgrade to the new version for now.
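The two mitigations discussed in this thread, bounds checking in the decoder and a recover() wrapper in the caller, shown side by side as an added example (not code from gopacket, OpenGFW, or any commenter). `Question`, `decodeUnchecked`, `decodeChecked` and `safeDecode` are hypothetical names, and the wire format is simplified to a single label followed by type and class.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Question is a hypothetical, simplified DNS question (not gopacket's type).
type Question struct {
	Name        string
	Type, Class uint16
}

// decodeUnchecked trusts the length byte and never checks len(b),
// so a short or non-DNS payload indexes out of range and panics.
func decodeUnchecked(b []byte) Question {
	n := int(b[0])
	off := 1 + n + 1 // label, then the root terminator byte
	return Question{string(b[1 : 1+n]), binary.BigEndian.Uint16(b[off:]), binary.BigEndian.Uint16(b[off+2:])}
}

// decodeChecked validates the buffer size first: 1 length byte,
// n label bytes, 1 terminator, 2 bytes type, 2 bytes class.
func decodeChecked(b []byte) (Question, error) {
	if len(b) < 1 || len(b) < int(b[0])+6 {
		return Question{}, errors.New("truncated question")
	}
	return decodeUnchecked(b), nil
}

// safeDecode is the fault-tolerance layer: a panic inside a parser the
// caller does not control is turned into an error for this one packet.
func safeDecode(b []byte) (q Question, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	return decodeUnchecked(b), nil
}

func main() {
	good := []byte{3, 'f', 'o', 'o', 0, 0, 1, 0, 1} // constructed sample
	short := []byte{3, 'f', 'o'}                    // constructed truncated payload
	fmt.Println(decodeChecked(good))
	fmt.Println(decodeChecked(short))
	fmt.Println(safeDecode(short))
}
```

recover() only catches panics raised on the goroutine that deferred it, so the wrapper has to sit inside each worker that calls the parser.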