Closed xmkg closed 4 years ago
I fixed a lot of issues with DNS parsing since v19.12. Can you please pull the latest code from master and test again?
Tested with the current master branch commit (6a78b5da5b5dbc31c4ccc0ff74513580a149c71e), it seems this issue is fixed now. I will re-test when the official release arrives. Closing this now.
btw, @seladb is there a way to disable DNS parsing (or any other L7 protocol, actually) programmatically?
Yes, the way to do it is to use the parseUntil (for specific protocol) or parseUntilLayer (for overall L7) parameters in pcpp::Packet c'tor: https://pcapplusplus.github.io/api-docs/classpcpp_1_1_packet.html#aaf61c3f9a5c12a7047774b42f31ee2ec
Here are some examples from PcapPlusPlus tests: https://github.com/seladb/PcapPlusPlus/blob/6a78b5da5b5dbc31c4ccc0ff74513580a149c71e/Tests/Packet%2B%2BTest/Tests/PacketTests.cpp#L592
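The idea behind stopping at a layer, as an added example that is not from this thread and does not use the PcapPlusPlus API: headers are parsed and bounds-checked only up to UDP, and the application payload is handed back as opaque bytes so no DNS parser ever touches untrusted input. The names `L4View`, `parseUntilTransport`, `looksLikeDns` and `sampleFrame` are hypothetical, and the frame is constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// View of a frame parsed only up to the transport layer; L7 bytes stay opaque.
struct L4View {
    bool ok = false;                  // headers complete and consistent
    uint16_t srcPort = 0, dstPort = 0;
    const uint8_t* payload = nullptr; // application bytes, never interpreted here
    size_t payloadLen = 0;
};

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }

// Ethernet II / IPv4 / UDP only; every length field is checked against the buffer.
L4View parseUntilTransport(const uint8_t* buf, size_t len) {
    L4View v;
    if (len < 14 || be16(buf + 12) != 0x0800) return v;   // not IPv4
    const uint8_t* ip = buf + 14;
    size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return v;
    size_t ihl = size_t(ip[0] & 0x0F) * 4, total = be16(ip + 2);
    if (ihl < 20 || total < ihl + 8 || total > avail) return v;
    if (ip[9] != 17 || (be16(ip + 6) & 0x3FFF)) return v; // not UDP, or a fragment
    const uint8_t* udp = ip + ihl;
    size_t udpLen = be16(udp + 4);
    if (udpLen < 8 || udpLen > total - ihl) return v;
    v.ok = true;
    v.srcPort = be16(udp); v.dstPort = be16(udp + 2);
    v.payload = udp + 8; v.payloadLen = udpLen - 8;
    return v;
}

// Port-based triage instead of handing the payload to a DNS parser.
bool looksLikeDns(const L4View& v) { return v.ok && (v.srcPort == 53 || v.dstPort == 53); }

// Constructed sample: 10.0.0.1:49152 -> 10.0.0.2:53, 4 arbitrary payload bytes.
std::vector<uint8_t> sampleFrame() {
    return {2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
            0x45,0,0,32, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
            0xC0,0x00, 0,53, 0,12, 0,0,
            0xDE,0xAD,0xBE,0xEF};
}

int main() {
    std::vector<uint8_t> f = sampleFrame();
    L4View v = parseUntilTransport(f.data(), f.size());
    std::printf("ok=%d dns=%d payload=%zu bytes\n", v.ok, looksLikeDns(v), v.payloadLen);
}
```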
Great, thanks!
I'm currently experimenting with DNS vulnerabilities, and using pcapplusplus (v19.12) to read pcap files & individual dns payloads. It appears the pcap file provided in this issue breaks the internal dns parser provided with pcapplusplus.
The pcap file can be found on the sample captures page of the official Wireshark wiki ("zlip-3.pcap" in the crack traces section):
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=zlip-3.pcap
Crash happens in DnsResource.cpp, line 101.