scroot / gopacket

Automatically exported from code.google.com/p/gopacket
BSD 3-Clause "New" or "Revised" License

layers.decodeName may run out of stack #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
It seems that layers.decodeName doesn't validate the DNS packet well enough, and in a badly crafted packet it can cause a stack overflow.

code.google.com/p/gopacket/layers.decodeName(0xc209b1d24e, 0x6e, 0x6e, 0x4c, 0xc209a40ca8, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
code.google.com/p/gopacket/layers/dns.go:297

Original issue reported on code.google.com by maje...@gmail.com on 23 Oct 2014 at 1:01

GoogleCodeExporter commented 9 years ago
Thanks for the heads-up!  Do you happen to have the specific bytes for the 
packet in question?  I'd love to have a good test case to work against.

Original comment by gconnell@google.com on 23 Oct 2014 at 3:14

GoogleCodeExporter commented 9 years ago
Nope, it happened just once so far. But if the code can deal with compression, it's totally possible to jump to a backward offset and end up in an infinite recursion loop.

Original comment by maje...@gmail.com on 23 Oct 2014 at 3:16

GoogleCodeExporter commented 9 years ago
This is totally true: as we need to handle DNS name compression, the code is recursive. One way would be to limit the level of recursion, and dump the packet bytes for later debugging purposes.

Original comment by laurent....@gmail.com on 27 Oct 2014 at 2:48
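
One way to apply the limit suggested above, as an added example that is not gopacket's code or the fix referenced in this issue: a loop-based name decoder with a cap on compression-pointer hops. The names `decodeNameSafe`, `maxPointerHops` and `errBadName` are hypothetical, and the sample packets are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxPointerHops is an assumed bound chosen for this example.
const maxPointerHops = 16

var errBadName = errors.New("dns: truncated name or bad/looping compression pointer")

// decodeNameSafe (hypothetical helper) walks the name at msg[off:] with a loop
// instead of recursion, so a hostile message cannot grow the stack.
func decodeNameSafe(msg []byte, off int) (string, error) {
	var labels []string
	for hops := 0; off < len(msg); {
		b := int(msg[off])
		switch {
		case b == 0: // root label terminates the name
			return strings.Join(labels, "."), nil
		case b&0xC0 == 0xC0: // compression pointer, 14-bit offset into msg
			if off+1 >= len(msg) {
				return "", errBadName
			}
			target := (b&0x3F)<<8 | int(msg[off+1])
			// A backward pointer can still land on labels that lead back to
			// it, so the hop cap is what guarantees termination.
			if hops++; target >= off || hops > maxPointerHops {
				return "", errBadName
			}
			off = target
		case b&0xC0 == 0 && off+1+b <= len(msg): // ordinary label of length b
			labels = append(labels, string(msg[off+1:off+1+b]))
			off += 1 + b
		default: // reserved label type, or label running past the message
			return "", errBadName
		}
	}
	return "", errBadName // ran off the end without a root label
}

func main() {
	// Constructed inputs: a valid compressed name, then a label+pointer loop.
	ok := []byte{3, 'c', 'o', 'm', 0, 3, 'w', 'w', 'w', 0xC0, 0x00}
	fmt.Println(decodeNameSafe(ok, 5))
	fmt.Println(decodeNameSafe([]byte{1, 'a', 0xC0, 0x00}, 0))
}
```

Returning an error on the looping input gives the caller a place to log the raw packet bytes for later debugging, as the comment above proposes.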

GoogleCodeExporter commented 9 years ago
Fixed at https://code.google.com/p/gopacket/source/detail?r=736b73650b61bfdbf957501cecb73775327f0952

Original comment by gconnell@google.com on 11 Nov 2014 at 11:40