From: Mike Stepanek (mstepane) Date: Mon, 19 Nov 2018 20:42:09 +0000 (-0500) Subject: Merge pull request #1423 in SNORT/snort3 from ~SMINUT/snort3:fuzz_segfault to master X-Git-Tag: 3.0.0-250~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b04040b157a009de869435399a3a9ae940d97f44;p=thirdparty%2Fsnort3.git Merge pull request #1423 in SNORT/snort3 from ~SMINUT/snort3:fuzz_segfault to master Squashed commit of the following: commit 680fd0e03fb815f05bcc3862d7486dcb7c88a9a8 Author: Silviu Minut Date: Fri Nov 2 16:19:05 2018 -0400 protocols: add vlan_idx field to Packet struct and handle multiple vlan type ids. Thanks to ymansour for reporting this issue. protocols: change int8 to unit8 for vlan_idx type. --- diff --git a/src/protocols/layer.cc b/src/protocols/layer.cc index e687c0105..f84db4305 100644 --- a/src/protocols/layer.cc +++ b/src/protocols/layer.cc @@ -144,11 +144,13 @@ const Layer* get_mpls_layer(const Packet* const p) const vlan::VlanTagHdr* get_vlan_layer(const Packet* const p) { - uint8_t num_layers = p->num_layers; - const Layer* lyr = p->layers; - - return reinterpret_cast( - find_inner_layer(lyr, num_layers, ProtocolId::ETHERTYPE_8021Q)); + if ( p->proto_bits & PROTO_BIT__VLAN ) + { + assert( p->vlan_idx < p->num_layers ); + const Layer* lyr = p->layers + p->vlan_idx; + return reinterpret_cast(lyr->start); + } + return nullptr; } const eth::EtherHdr* get_eth_layer(const Packet* const p) @@ -445,4 +447,3 @@ const icmp::ICMPHdr* get_icmp_embed_icmp(const ip::IpApi& api) { return reinterpret_cast(api.ip_data()); } } // namespace layer } // namespace snort - diff --git a/src/protocols/packet.h b/src/protocols/packet.h index 477c46226..b28fd053e 100644 --- a/src/protocols/packet.h +++ b/src/protocols/packet.h @@ -146,6 +146,8 @@ struct SO_PUBLIC Packet uint32_t user_ips_policy_id; uint32_t user_network_policy_id; + uint8_t vlan_idx; + // IP_MAXPACKET is the minimum allowable max_dsize // there is no requirement that all data fit into an IP datagram // but we do require that an IP datagram fit into Packet space @@ -352,4 +354,3 @@ inline uint64_t alignedNtohq(const uint64_t* ptr) } } #endif - diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index 7a62a5612..79282c9f1 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -174,7 +174,7 @@ void PacketManager::decode( } codec_data.codec_flags &= ~CODEC_ETHER_NEXT; } - + /* * We only want the layer immediately following SAVE_LAYER to have the * UNSURE_ENCAP flag set. So, if this is a SAVE_LAYER, zero out the @@ -219,8 +219,14 @@ void PacketManager::decode( if ( p->num_layers == CodecManager::max_layers ) DetectionEngine::queue_event(GID_DECODE, DECODE_TOO_MANY_LAYERS); else + { push_layer(p, prev_prot_id, raw.data, codec_data.lyr_len); + // Cache the index of the vlan layer for quick access. + if ( codec_data.proto_bits == PROTO_BIT__VLAN ) + p->vlan_idx = p->num_layers-1; + } + // internal statistics and record keeping s_stats[mapped_prot + stat_offset]++; // add correct decode for previous layer mapped_prot = CodecManager::s_proto_map[to_utype(codec_data.next_prot_id)]; @@ -918,4 +924,3 @@ void PacketManager::log_protocols(TextLog* const text_log, } } } -