kbandla / dpkt

fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols

added a check in sctp.unpack to prevent exception #582

Closed K-Reddy1 closed 3 years ago

K-Reddy1 commented 3 years ago

When unpack is parsing a malformed SCTP packet with an improperly labeled chunk size, it will either loop infinitely (if the size is labeled as 0) or throw an out-of-bounds exception (if the listed size is larger than the real chunk size).

obormot commented 3 years ago

@K-Reddy1 Looks like one of the unit tests is failing. Please take a look.

coveralls commented 3 years ago

Coverage increased (+0.0003%) to 99.813% when pulling dd38c64ca3dfec48b837d617ffc9fac0bc208c21 on K-Reddy1:sctp_malformed_unpack into fc7b59dc8a329542aba4fce70bd6631ec1351c58 on kbandla:master.

obormot commented 3 years ago

@K-Reddy1 any chance you could add a unit test for this condition? Looks like you already have the example data in the ticket:

dd = (
   b'\x00\x00\x00\x01\x00\x06\x00\x1b\x17\x05\x9e\x1c\x00\x00\x08\x00'
   b'\x45\x00\x00\x34\xcc\x09\x40\x00\x1e\x11\x41\x54\x95\xab\x7e\x01'
   b'\x3b\xa6\x00\x09\xb7\x51\x26\xab\x00\x20\xf3\xe8\x32\xbd\xab\xae'
   b'\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
   b'\x00\x00\x00\x00'
)

I'm OK to merge this as is, but it'd be nice to not lose 100% test coverage on the parser.

K-Reddy1 commented 3 years ago

@obormot sounds good, unit test is on the way
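
An added example, not dpkt's code and not the change made in this pull request: a stand-alone SCTP chunk walker that rejects both malformed-length cases named in the description (length 0, and length larger than the data present). It assumes the last 24 bytes of the sample posted above are the SCTP packet; all names and the other two inputs are constructed for illustration.

```python
import struct

SCTP_HDR = struct.Struct(">HHII")  # sport, dport, verification tag, checksum
CHUNK_HDR = struct.Struct(">BBH")  # type, flags, length (counts these 4 bytes)


class MalformedSCTP(ValueError):
    """A chunk length field that cannot be trusted."""


def parse_chunks(buf):
    """Return [(type, flags, value), ...] for the chunks after the common header."""
    if len(buf) < SCTP_HDR.size:
        raise MalformedSCTP("truncated common header")
    chunks, off = [], SCTP_HDR.size
    while off < len(buf):
        if len(buf) - off < CHUNK_HDR.size:
            raise MalformedSCTP("truncated chunk header at offset %d" % off)
        ctype, flags, length = CHUNK_HDR.unpack_from(buf, off)
        # Length below 4 (0 included) never advances the offset: the loop case.
        if length < CHUNK_HDR.size:
            raise MalformedSCTP("chunk length %d too small at offset %d" % (length, off))
        # Length past the end of the buffer: the out-of-bounds case.
        if length > len(buf) - off:
            raise MalformedSCTP("chunk length %d overruns buffer at offset %d" % (length, off))
        chunks.append((ctype, flags, buf[off + CHUNK_HDR.size:off + length]))
        off += (length + 3) & ~3  # chunks are padded to a 4-byte boundary
    return chunks


def describe(buf):
    """Parse result as a string, so callers can log instead of crash."""
    try:
        return "ok: %d chunk(s)" % len(parse_chunks(buf))
    except MalformedSCTP as exc:
        return "rejected: %s" % exc


HDR = SCTP_HDR.pack(0x32BD, 0xABAE, 1, 0)
# Last 24 bytes of the sample posted in the thread, assumed to be the SCTP payload.
ZERO_LEN = HDR + b"\x00" * 12
# Constructed inputs: declared length 64 with 4 bytes present, then a valid pair.
OVERSIZED = HDR + CHUNK_HDR.pack(0, 0, 64) + b"\x00" * 4
WELL_FORMED = HDR + CHUNK_HDR.pack(6, 0, 7) + b"abc\x00" + CHUNK_HDR.pack(14, 0, 4)

if __name__ == "__main__":
    for name, pkt in (("zero", ZERO_LEN), ("oversized", OVERSIZED), ("ok", WELL_FORMED)):
        print(name, "->", describe(pkt))
```

Raising a dedicated exception type lets a capture-processing loop skip one bad packet and continue, instead of hanging or dying on an unrelated `struct` or index error.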