Bug in IDnsResource::decodeName. #35

Closed
max197616 opened this issue Aug 17, 2016 · 32 comments

@max197616 (Contributor)

If a non-DNS packet gets into DnsLayer, we get a SIGSEGV, because the function size_t IDnsResource::decodeName does not check for going beyond the limits of the packet.

@max197616 (Contributor, Author)

A similar problem in SSLClientHelloMessage::SSLClientHelloMessage:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1dfe700 (LWP 13139)]
0x000000000056722b in pcpp::SSLClientHelloMessage::getExtensionsLenth (this=this@entry=0x7fffcc001cf0) at src/SSLHandshake.cpp:1243
1243 return ntohs((uint16_t)extensionLengthPos);
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.8.x86_64 libgcc-4.8.5-4.el7.x86_64 libpcap-1.5.3-8.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64
(gdb) bt
#0 0x000000000056722b in pcpp::SSLClientHelloMessage::getExtensionsLenth (this=this@entry=0x7fffcc001cf0) at src/SSLHandshake.cpp:1243
#1 0x0000000000567ac4 in pcpp::SSLClientHelloMessage::SSLClientHelloMessage (this=0x7fffcc001cf0, data=0x7fffdbdfca18 "\001\364\213\005\001qϭnd\327P)D\260\251\033\254\277\022O\250\271\005\242\315\345qHp\326\346hɥ\374\065J/\331]\250\244\266\347\364O\347oA\022\aNdq\217\206\316n\005\265\216\365䡋\204Մ\263s\314m\263X\272E\216\016\003Ó", <incomplete sequence \372>, dataLen=48, container=<optimized out>) at src/SSLHandshake.cpp:1172
#2 0x000000000056800e in pcpp::SSLHandshakeMessage::createHandhakeMessage (data=data@entry=0x7fffdbdfca18 "\001\364\213\005\001qϭnd\327P)D\260\251\033\254\277\022O\250\271\005\242\315\345qHp\326\346hɥ\374\065J/\331]\250\244\266\347\364O\347oA\022\aNdq\217\206\316n\005\265\216\365䡋\204Մ\263s\314m\263X\272E\216\016\003Ó", <incomplete sequence \372>, dataLen=dataLen@entry=48, container=container@entry=0x7fffcc000d30) at src/SSLHandshake.cpp:1110
#3 0x000000000056004a in pcpp::SSLHandshakeLayer::SSLHandshakeLayer (this=0x7fffcc000d30, data=, dataLen=, prevLayer=, packet=) at src/SSLLayer.cpp:183
#4 0x0000000000560151 in pcpp::SSLLayer::createSSLMessage (data=0x7fffdbdfca13 "\026\003\001", dataLen=53, prevLayer=prevLayer@entry=0x7fffcc002290, packet=0x7fffcc000ca8) at src/SSLLayer.cpp:77
#5 0x0000000000560259 in pcpp::SSLLayer::parseNextLayer (this=0x7fffcc002290) at src/SSLLayer.cpp:150
#6 0x000000000054221c in pcpp::Packet::setRawPacket (this=0x7fffcc000ca8, rawPacket=rawPacket@entry=0x7fffcc001a10, freeRawPacket=freeRawPacket@entry=true) at src/Packet.cpp:52
#7 0x000000000053790c in pcpp::DpdkDevice::receivePackets (this=, packetsArr=0x7fffd1dfdb98, packetsArrLength=@0x7fffd1dfdb94: 1, rxQueueId=) at src/DpdkDevice.cpp:1131

@seladb (Owner) commented Aug 17, 2016

Can you please provide pcap files that throw these exceptions?

@max197616 (Contributor, Author)

Add the string "std::cout << "offsetInLayer: " << (int) offsetInLayer << std::endl;" at the line https://github.com/seladb/PcapPlusPlus/blob/master/Packet%2B%2B/src/DnsLayer.cpp#L47. Then use the attached file.
dns_bad4.pcap.txt

@max197616 (Contributor, Author)

Hex string of the wrong UDP packet (make UdpPacket.dat from it):
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

@seladb (Owner) commented Aug 18, 2016

Could you please send me the code you're running or the stack trace of the exception?
I tried to reproduce the exception with the pcap file you sent me but I can't reproduce it...
Also - what OS are you working on? I tried with Ubuntu 14.04.1

@max197616 (Contributor, Author)

I simply made UdpPacket.dat with the content I wrote above and launched Pcap++Examples.PacketParsing:
$ gdb ./Pcap++Examples.PacketParsing
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /home/max/c++tests/PcapPlusPlus-master/Examples/Pcap++Examples.PacketParsing/Pcap++Examples.PacketParsing...done.
(gdb) r
Starting program: /home/max/c++tests/PcapPlusPlus-master/Examples/Pcap++Examples.PacketParsing/./Pcap++Examples.PacketParsing
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
pcpp::IDnsResource::decodeName (this=this@entry=0x6855f0, encodedName=0x68b0ca <Address 0x68b0ca out of bounds>, result="") at src/DnsLayer.cpp:38
38 uint8_t wordLength = encodedName[0];
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.8.x86_64 libgcc-4.8.5-4.el7.x86_64 libpcap-1.5.3-8.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64
(gdb) bt
#0 pcpp::IDnsResource::decodeName (this=this@entry=0x6855f0, encodedName=0x68b0ca <Address 0x68b0ca out of bounds>, result="") at src/DnsLayer.cpp:38
#1 0x0000000000427699 in pcpp::IDnsResource::decodeName (this=this@entry=0x6855f0,
encodedName=0x68777a "\371\220\262\021\070~(Uoej\371}\315"\227kZ\002\361\235\254\347\275@\026\360\337QS\302\027'\325_\027]\266Վ\272\037r\373]\225\323\312\327\023@#\356\206Χ2\275\v\321D\364ߞ\222\205k"aw\240K"\354\350\223:1~\360\371\234\034\362\305\307\360\034o+s\251\v2Y\243\275 \205\035\215\254hg\026)P\316\303/\360\346\065\030\016;x\310\353<Jb]5\016\234\344\335I\272\216%\277\200\\304\036K\215\215n\035]\330,5\304>\353\067\t\260/\331c#O;\200\373x{OC\277\316w\305\001\026h\021:\332O\332\330BS\256*{\320\337\336\032f\002|L\300q\352x]BqD"...,
result="\207\370\354dC)\267\064.\304\323q+\305\322\v1\202\246\036\221\220\213\034\065\030\177Q\243MʺW\351\024\332/\034G8\267B$\355\367٫ҷ\034=.")
at src/DnsLayer.cpp:54
#2 0x0000000000427903 in pcpp::IDnsResource::IDnsResource (this=this@entry=0x6855f0, dnsLayer=dnsLayer@entry=0x685580,
offsetInLayer=offsetInLayer@entry=12) at src/DnsLayer.cpp:17
#3 0x000000000042853f in DnsQuery (offsetInLayer=12, dnsLayer=0x685580, this=0x6855f0) at ./header/DnsLayer.h:329
#4 pcpp::DnsLayer::parseResources (this=this@entry=0x685580) at src/DnsLayer.cpp:534
#5 0x000000000042879c in pcpp::DnsLayer::DnsLayer (this=0x685580, data=, dataLen=, prevLayer=,
packet=) at src/DnsLayer.cpp:400
#6 0x0000000000420ee2 in pcpp::UdpLayer::parseNextLayer (this=0x685520) at src/UdpLayer.cpp:89
#7 0x0000000000423dfc in pcpp::Packet::setRawPacket (this=this@entry=0x7fffffffda40, rawPacket=, freeRawPacket=freeRawPacket@entry=false)
at src/Packet.cpp:52
#8 0x0000000000423f5b in pcpp::Packet::Packet (this=0x7fffffffda40, rawPacket=) at src/Packet.cpp:72
#9 0x0000000000402ea1 in main (argc=, argv=) at main.cpp:81

My OS is CentOS 7-2.1511.

@seladb (Owner) commented Aug 21, 2016

OK, let me check that and come back to you

@seladb (Owner) commented Aug 23, 2016

Fixed the DnsLayer bug. You said there's also a problem with SSLClientHelloMessage. Could you please provide a pcap file and the steps to reproduce the exception?

seladb added the bug label Aug 23, 2016

@max197616 (Contributor, Author)

You have not corrected the bug entirely. Here's the output from GDB:
...
#74830 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74831 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330KAWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74832 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74833 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330K
AWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74834 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74835 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330KAWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74836 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74837 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330K
AWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74838 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74839 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330KAWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74840 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74841 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330K
AWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74842 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74843 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="\327\270\203\243\v\330KAWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74844 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef36b7 <Address 0x7fc70fef36b7 out of bounds>, result="\366ˎ\324Z:l\030%FgY#j\b\250\330P(\317\357=F^\223\273\231\004\326\335v\346R\302\367\t\306\354X\332\302n[\377\245\322\000\r\205\366\374Ɲ\273\321LK\326v\365\334S\203/FIj\377\v\240\244r\206S\313g_\376Řv6\272\305\065\347n\274L֯\204\205\237\065\244_\355\303\026\314h>\000\000\001\002\000c\034ܫ\306f\031\210:\310\337\vS^IԀ\273\205\060<k\252\343T \234\340\215qUm\246.\;\230\301\t\257\343\\346\352\304\030\026\303{\035\223a\031\226\&\276\214\312s\321/\000\370\254k&\004E\327\332]\031\017%r\221k\033).XEMv[b\223A\366\251\006t\315M\222\344H"...) at src/DnsLayer.cpp:54
#74845 0x000000000052ce26 in pcpp::IDnsResource::decodeName (this=0x7fc700003220, encodedName=0x7fc70fef3475 <Address 0x7fc70fef3475 out of bounds>, result="$\377.\304L\036\272\022\375P"1\020<wǙ\215Y\225V\224\276tx\000zMw,\240R\202\265%+\201X\341_\226\272\315
\004\324.\327\270\203\243\v\330K~AWl\274I\366{\352(\212\066l\246Nϓ\361\260\223Y\330\354Wؘ\277bxm\340\275bl\300\337\021\362C\034\360\345\003\277HU\301\220\354Y\017\236ͺ\356"\275\276\207o\004\273$\233#\350\234\005.") at src/DnsLayer.cpp:54
#74846 0x000000000052cbc5 in pcpp::IDnsResource::IDnsResource (this=0x7fc700003220, dnsLayer=0x7fc700003170, offsetInLayer=16) at src/DnsLayer.cpp:17
#74847 0x00000000005318b7 in pcpp::DnsQuery::DnsQuery (this=0x7fc700003220, dnsLayer=0x7fc700003170, offsetInLayer=16) at ./header/DnsLayer.h:329
#74848 0x000000000052ec51 in pcpp::DnsLayer::parseResources (this=0x7fc700003170) at src/DnsLayer.cpp:534
#74849 0x000000000052e6d8 in pcpp::DnsLayer::DnsLayer (this=0x7fc700003170, data=0x7fc70fef33ea <Address 0x7fc70fef33ea out of bounds>, dataLen=482, prevLayer=0x7fc700003130, packet=0x7fc700000d28) at src/DnsLayer.cpp:400
#74850 0x0000000000526021 in pcpp::UdpLayer::parseNextLayer (this=0x7fc700003130) at src/UdpLayer.cpp:89
#74851 0x00000000005268d3 in pcpp::Packet::setRawPacket (this=0x7fc700000d28, rawPacket=0x7fc7000030a0, freeRawPacket=true) at src/Packet.cpp:52
#74852 0x000000000051da3c in pcpp::DpdkDevice::receivePackets (this=, packetsArr=0x7fc705ffdb98, packetsArrLength=@0x7fc705ffdb94: 32, rxQueueId=) at src/DpdkDevice.cpp:1131

The function 'pcpp::IDnsResource::decodeName' loops.
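The two failure modes reported so far (a read past the end of the packet, then an endless recursion through compression pointers) both come from trusting bytes of the DNS message as lengths or offsets without checking them against the buffer. The following is an added example, written for this page and not code from PcapPlusPlus or from either participant, of a DNS name decoder that fails closed on a label running past the buffer, a pointer outside the buffer, a pointer cycle, and an over-long name. It also applies the sanity cap on the question count that a later comment in this thread proposes, by refusing any count that could not physically fit in the remaining bytes. The function names, the constructed sample messages and the 16-jump limit are assumptions of this example, not anything the library defines.

```cpp
// Added example, not PcapPlusPlus code: bounds-checked, loop-safe DNS name decoding.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Decode the name at `offset` inside the whole DNS message `pkt` (compression
// pointers are relative to the message start). Returns false on a label that
// runs past the buffer, a pointer outside the buffer, a pointer cycle, or a
// name over the 255-byte limit. `consumed` is the size of the name field at
// `offset` (a pointer terminates the field, so counting stops at the first jump).
static bool decodeDnsName(const std::vector<uint8_t>& pkt, size_t offset,
                          std::string& out, size_t& consumed)
{
    const size_t kMaxJumps = 16;  // assumption: more jumps than any sane name needs
    out.clear();
    consumed = 0;
    size_t pos = offset, jumps = 0, nameBytes = 0;
    bool jumped = false;
    for (;;) {
        if (pos >= pkt.size()) return false;            // length byte itself is out of bounds
        uint8_t len = pkt[pos];
        if ((len & 0xC0) == 0xC0) {                     // compression pointer
            if (pos + 1 >= pkt.size()) return false;
            size_t target = (size_t(len & 0x3F) << 8) | pkt[pos + 1];
            if (!jumped) consumed = pos + 2 - offset;
            // RFC 1035 pointers refer to an earlier occurrence; a forward or
            // self pointer is malformed. The jump cap catches cycles built out
            // of backward pointers only (e.g. 12 -> label -> 16 -> 12 -> ...).
            if (target >= pos || ++jumps > kMaxJumps) return false;
            jumped = true;
            pos = target;
            continue;
        }
        if (len & 0xC0) return false;                   // 0x40/0x80 prefixes are reserved
        if (len == 0) {                                 // root label ends the name
            if (!jumped) consumed = pos + 1 - offset;
            return true;
        }
        if (pos + 1 + len > pkt.size()) return false;   // label bytes past the buffer
        if ((nameBytes += len + 1) > 255) return false;
        if (!out.empty()) out.push_back('.');
        out.append(reinterpret_cast<const char*>(&pkt[pos + 1]), len);
        pos += 1 + len;
    }
}

// Walk the question section. Returns the number of questions parsed, or -1 if
// the count is implausible for the payload size or any entry is malformed.
static int parseQuestions(const std::vector<uint8_t>& pkt, std::vector<std::string>& names)
{
    names.clear();
    if (pkt.size() < 12) return -1;
    size_t qdcount = (size_t(pkt[4]) << 8) | pkt[5];
    // Each question needs at least 5 bytes (root name + type + class), so a
    // count larger than (payload / 5) cannot be valid; reject it before looping.
    if (qdcount > (pkt.size() - 12) / 5) return -1;
    size_t pos = 12;
    for (size_t i = 0; i < qdcount; ++i) {
        std::string name;
        size_t used = 0;
        if (!decodeDnsName(pkt, pos, name, used)) return -1;
        pos += used;
        if (pos + 4 > pkt.size()) return -1;            // QTYPE + QCLASS
        pos += 4;
        names.push_back(name);
    }
    return int(names.size());
}

// Constructed sample messages (not captured traffic).
static std::vector<uint8_t> sampleValidQuery()
{   // two questions; the second uses a pointer back to "example.com" at offset 12
    return {0x12,0x34,0x01,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
            7,'e','x','a','m','p','l','e',3,'c','o','m',0,0x00,0x01,0x00,0x01,
            3,'w','w','w',0xC0,0x0C,0x00,0x01,0x00,0x01};
}
static std::vector<uint8_t> sampleLoopQuery()
{   // label "abc" followed by a pointer back to itself: decodes forever without a cap
    return {0x12,0x34,0x01,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
            3,'a','b','c',0xC0,0x0C,0x00,0x01,0x00,0x01};
}
static std::vector<uint8_t> sampleTruncatedQuery()
{   // label length 0x3F with only four bytes left in the packet
    return {0x12,0x34,0x01,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x3F,'a','b','c','d'};
}
static std::vector<uint8_t> sampleBogusCountQuery()
{   // qdcount 0xFFFF in a 16-byte message
    return {0x12,0x34,0x01,0x00,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00};
}

int main()
{
    std::vector<std::string> names;
    std::printf("valid:     %d\n", parseQuestions(sampleValidQuery(), names));
    for (const std::string& n : names) std::printf("  %s\n", n.c_str());
    std::printf("loop:      %d\n", parseQuestions(sampleLoopQuery(), names));
    std::printf("truncated: %d\n", parseQuestions(sampleTruncatedQuery(), names));
    std::printf("bogus cnt: %d\n", parseQuestions(sampleBogusCountQuery(), names));
    return 0;
}
```

The decoder deliberately takes the whole message rather than a pointer into it, because a compression pointer is only meaningful relative to the message start and can only be bounds-checked against the full length. The count cap does not try to guess a "reasonable" number of questions; it uses the hard minimum size of one entry, which rejects garbage like the 17142 questions in the trace below without rejecting any legal message.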

@max197616 (Contributor, Author)

The functions for working with SSL (e.g. SSLClientHelloMessage::getSessionIDLength, SSLClientHelloMessage::getCipherSuiteCount) never check the obtained values. As a result, reads go beyond the borders of the packet:
(gdb) bt full
#0 0x00007fdfd43d55f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007fdfd43d6ce8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007fdfd52a31f5 in Poco::SignalHandler::handleSignal(int) () from /lib64/libPocoFoundation.so.31
No symbol table info available.
#3 <signal handler called>
No symbol table info available.
#4 0x0000000000558a9f in pcpp::SSLClientHelloMessage::getExtensionsLenth (this=0x7fdfa8002ef0) at src/SSLHandshake.cpp:1245
extensionLengthPos = 0x7fdfba204154 <Address 0x7fdfba204154 out of bounds>
#5 0x0000000000558724 in pcpp::SSLClientHelloMessage::SSLClientHelloMessage (this=0x7fdfa8002ef0, data=0x7fdfba1f4898 <Address 0x7fdfba1f4898 out of bounds>, dataLen=40, container=0x7fdfa8002e90) at src/SSLHandshake.cpp:1174
extensionLength = 0
curPos = 0x38 <Address 0x38 out of bounds>
messageLen = 192
extensionLengthPos = 0x7fdfba204154 <Address 0x7fdfba204154 out of bounds>
extensionPos = 0x1 <Address 0x1 out of bounds>
#6 0x0000000000558365 in pcpp::SSLHandshakeMessage::createHandhakeMessage (data=0x7fdfba1f4898 <Address 0x7fdfba1f4898 out of bounds>, dataLen=40, container=0x7fdfa8002e90) at src/SSLHandshake.cpp:1112
hsMsgHeader = 0x7fdfba1f4898
#7 0x0000000000543b7f in pcpp::SSLHandshakeLayer::SSLHandshakeLayer (this=0x7fdfa8002e90, data=0x7fdfba1f4893 <Address 0x7fdfba1f4893 out of bounds>, dataLen=45, prevLayer=0x7fdfa8002e50, packet=0x7fdfa8000c38) at src/SSLLayer.cpp:185
message = 0x7fdfba1f4893
curPos = 0x7fdfba1f4898 <Address 0x7fdfba1f4898 out of bounds>
recordDataLen = 40
curPosIndex = 0
#8 0x000000000054345d in pcpp::SSLLayer::createSSLMessage (data=0x7fdfba1f4893 <Address 0x7fdfba1f4893 out of bounds>, dataLen=45, prevLayer=0x7fdfa8002e50, packet=0x7fdfa8000c38) at src/SSLLayer.cpp:79
recordLayer = 0x7fdfba1f4893
#9 0x0000000000543885 in pcpp::SSLLayer::parseNextLayer (this=0x7fdfa8002e50) at src/SSLLayer.cpp:152
headerLen = 6
#10 0x00000000005268d3 in pcpp::Packet::setRawPacket (this=0x7fdfa8000c38, rawPacket=0x7fdfa8002cb0, freeRawPacket=true) at src/Packet.cpp:52
curLayer = 0x7fdfa8002e50
#11 0x000000000051da3c in pcpp::DpdkDevice::receivePackets (this=, packetsArr=0x7fdfb01fdb98, packetsArrLength=@0x7fdfb01fdb94: 32, rxQueueId=) at src/DpdkDevice.cpp:1131
mBuf = 0x7fdfba1f4700
newRawPacket = 0x7fdfa8002cb0
index = 11
mBufArray = {0x7fdfba1ee140, 0x7fdfba1eea80, 0x7fdfba1ef3c0, 0x7fdfba1efd00, 0x7fdfba1f0640, 0x7fdfba1f0f80, 0x7fdfba1f18c0, 0x7fdfba1f2200, 0x7fdfba1f2b40, 0x7fdfba1f3480, 0x7fdfba1f3dc0, 0x7fdfba1f4700, 0x7fdfba1f5040,
0x7fdfba1f5980, 0x7fdfba1f62c0, 0x7fdfba1f6c00, 0x7fdfba1f7540, 0x7fdfba1f7e80, 0x7fdfba1f87c0, 0x7fdfba1f9100, 0x7fdfba1f9a40, 0x7fdfba1fa380, 0x7fdfba1facc0, 0x7fdfba1fb600, 0x7fdfba1fbf40, 0x7fdfba1fc880, 0x7fdfba1fd1c0,
0x7fdfba1fdb00, 0x7fdfba1fe440, 0x7fdfba1fed80, 0x7fdfba1ff6c0, 0x7fdfb9c38000, 0x7fdfa8002010, 0xa4ab90, 0x7fdfb01fdab0, 0x7fdfa8000878, 0x7fdfb01fdac0, 0xa4ab90, 0xa49f10, 0x7fdfa80008c8, 0x0,
0x5298ea <__gnu_cxx::new_allocator<pcpp::Layer*>::deallocate(pcpp::Layer**, unsigned long)+32>, 0x4000000000000000, 0x7fdfa80008f8, 0x7fdfb01fdad0, 0x5292be <std::allocator<pcpp::Layer*>::allocator()+24>, 0x7fdfb01fdaf0,
0x7fdfa80008f8, 0x7fdfb01fdaf0, 0x52891a <std::_Vector_base<pcpp::Layer*, std::allocator<pcpp::Layer*> >::_Vector_impl::_Vector_impl()+24>, 0x7fdfa8002000, 0x7fdfa80008f8, 0x7fdfb01fdb20,
0x528984 <std::_Vector_base<pcpp::Layer*, std::allocator<pcpp::Layer*> >::~_Vector_base()+78>, 0xa49f10, 0x7fdfa80008f8, 0x7fdfa8002000, 0x7fdfa8000878, 0x7fdfb01fdb50,
0x528506 <std::vector<pcpp::Layer*, std::allocator<pcpp::Layer*> >::~vector()+66>, 0x7fdfa8002000, 0x7fdfa80008f8, 0x7fdfa8002000, 0x7fdfa8000878}
__FUNCTION__ = "receivePackets"
time = {tv_sec = 1472471525, tv_usec = 553234}
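The trace above shows the pattern: extensionLengthPos is computed from the session ID, cipher suite and compression method lengths that the packet itself supplies, and is then dereferenced even though it already points past the 40 bytes the DPDK mbuf contains. The following is an added example, written for this page and not PcapPlusPlus code, of a ClientHello parser that validates every length field against the bytes actually present before advancing. The struct, function names and the constructed sample ClientHello are assumptions of this example.

```cpp
// Added example, not PcapPlusPlus code: a ClientHello parser that checks every
// length field against the bytes actually present before using it.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

struct ClientHelloInfo {
    uint16_t version = 0;
    size_t sessionIdLen = 0;
    std::vector<uint16_t> cipherSuites;
    std::vector<std::pair<uint16_t, uint16_t>> extensions;  // (type, length)
};

// `data` points at the handshake header (type + 3-byte length) of a ClientHello,
// `len` is how many bytes are really available. Returns false on any truncation
// or inconsistent length, so the caller never reads past the record.
static bool parseClientHello(const uint8_t* data, size_t len, ClientHelloInfo& out)
{
    out = ClientHelloInfo();
    if (len < 4 || data[0] != 0x01) return false;            // handshake type client_hello
    size_t hsLen = (size_t(data[1]) << 16) | (size_t(data[2]) << 8) | data[3];
    if (hsLen > len - 4) return false;                        // header promises more than we have
    const uint8_t* p = data + 4;
    const uint8_t* end = p + hsLen;
    auto avail = [&](size_t n) { return size_t(end - p) >= n; };

    if (!avail(2 + 32 + 1)) return false;                     // version, random, session_id_len
    out.version = uint16_t((p[0] << 8) | p[1]);
    p += 2 + 32;
    out.sessionIdLen = *p++;
    if (out.sessionIdLen > 32 || !avail(out.sessionIdLen)) return false;
    p += out.sessionIdLen;

    if (!avail(2)) return false;
    size_t csLen = (size_t(p[0]) << 8) | p[1];
    p += 2;
    if (csLen == 0 || (csLen & 1) || !avail(csLen)) return false;  // odd length = corrupt
    for (size_t i = 0; i < csLen; i += 2)
        out.cipherSuites.push_back(uint16_t((p[i] << 8) | p[i + 1]));
    p += csLen;

    if (!avail(1)) return false;
    size_t compLen = *p++;
    if (compLen == 0 || !avail(compLen)) return false;
    p += compLen;

    if (p == end) return true;                                // no extensions block: legal
    if (!avail(2)) return false;                              // the crash above: length read past the end
    size_t extLen = (size_t(p[0]) << 8) | p[1];
    p += 2;
    if (extLen != size_t(end - p)) return false;              // must cover exactly the remainder
    while (p < end) {
        if (!avail(4)) return false;
        uint16_t type = uint16_t((p[0] << 8) | p[1]);
        uint16_t elen = uint16_t((p[2] << 8) | p[3]);
        p += 4;
        if (!avail(elen)) return false;
        out.extensions.emplace_back(type, elen);
        p += elen;
    }
    return true;
}

// Constructed sample (not captured traffic): TLS 1.2 ClientHello, two cipher
// suites, null compression, one server_name extension for example.com.
static std::vector<uint8_t> sampleClientHello()
{
    std::vector<uint8_t> b = {0x01, 0x00, 0x00, 0x41, 0x03, 0x03};  // type, body len 65, TLS 1.2
    b.insert(b.end(), 32, 0x11);                                    // placeholder random
    b.push_back(0x00);                                              // session_id_len = 0
    const uint8_t rest[] = {0x00, 0x04, 0xC0, 0x2F, 0xC0, 0x30,     // cipher_suites
                            0x01, 0x00,                             // compression: null
                            0x00, 0x14,                             // extensions length 20
                            0x00, 0x00, 0x00, 0x10,                 // server_name, length 16
                            0x00, 0x0E, 0x00, 0x00, 0x0B,
                            'e','x','a','m','p','l','e','.','c','o','m'};
    b.insert(b.end(), rest, rest + sizeof rest);
    return b;
}

int main()
{
    ClientHelloInfo info;
    std::vector<uint8_t> ch = sampleClientHello();
    std::printf("full:      %s, %zu suites, %zu extensions\n",
                parseClientHello(ch.data(), ch.size(), info) ? "ok" : "rejected",
                info.cipherSuites.size(), info.extensions.size());
    // Same bytes but only 40 available, like the DPDK frame in the trace above.
    std::printf("truncated: %s\n", parseClientHello(ch.data(), 40, info) ? "ok" : "rejected");
    return 0;
}
```

Two details matter for a capture-driven parser rather than a TLS client: the 3-byte handshake length is itself untrusted and is clamped to what the record actually carries, and an absent extensions block is accepted (older ClientHellos legitimately end after the compression methods) while a present one must account for exactly the remaining bytes.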

@max197616 (Contributor, Author)

I made a simple application and ran it on live traffic. After some time the application terminated because it had exhausted all available memory. The problem is in the packet-parsing code for each layer.

@seladb (Owner) commented Aug 30, 2016

When you say that the problem is in the packet-parsing code for each layer, do you mean the bugs in DNS and SSL parsing you mentioned? Or do you think there are other bugs as well?

@max197616 (Contributor, Author)

For the experiment, I disabled the SSL and DNS layers. The first potential problem is at line 367 of the file HttpLayer.cpp: using strlen is not safe. I think that you must use strnlen, like: m_FieldSize = strnlen(fieldData,m_HttpMessage->m_DataLen);

@seladb (Owner) commented Aug 30, 2016

Since I don't have the testing environment that you have, it's difficult for me to reproduce the bugs you encounter. I'm currently working on the DNS bug, then I'll move to the SSL bug and then to the HTTP bug. I'd really appreciate it if you can help me verify the bugfixes and find more bugs. Also, I'd appreciate it if you can send me pcap files that reproduce these bugs. I will add tests to the Packet++ unit-test with these files.

@seladb (Owner) commented Aug 30, 2016

I hope I fixed the 3 issues you found (DNS, SSL and HTTP). Please tell me if they are really fixed and if you find more. In addition, I'd appreciate it if you can send me pcap files that reproduce these bugs. I will add tests to the Packet++ unit-test with these files.

@max197616 (Contributor, Author)

I think that in the HTTP layer strchr must be replaced by memchr.
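Both suggestions in this thread for the HTTP layer (strnlen instead of strlen, memchr instead of strchr) address the same root cause: a packet buffer is not a C string, so any scan that stops only at a NUL byte can run past the captured data into whatever memory follows. The following is an added example, written for this page and not PcapPlusPlus code, that parses an HTTP request head using only length-bounded scans and rejects a capture that ends mid-header instead of reading on. The struct, the function names and the constructed request are assumptions of this example.

```cpp
// Added example, not PcapPlusPlus code: HTTP request-head parsing with only
// length-bounded scans (memchr / strnlen), never strlen / strchr.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

struct HttpHead {
    std::string requestLine;
    std::vector<std::pair<std::string, std::string>> headers;
    size_t headerBytes = 0;  // bytes from the start of the buffer through the blank line
};

// The thread's one-line fix, as a function: a header field may not be
// NUL-terminated inside a packet, so the scan must stop at `remaining`.
static size_t boundedFieldSize(const char* fieldData, size_t remaining)
{
    return strnlen(fieldData, remaining);
}

// Parse the request line and headers from `len` bytes that are not assumed to
// be NUL-terminated. Returns false if the head is not complete inside the
// buffer (truncated capture) or a header line has no ':'.
static bool parseHttpHead(const char* data, size_t len, HttpHead& out)
{
    out = HttpHead();
    const char* p = data;
    const char* end = data + len;
    bool haveRequestLine = false;
    while (p < end) {
        // memchr takes the remaining length; strchr would run until a NUL that
        // may lie well past the packet.
        const char* nl = static_cast<const char*>(memchr(p, '\n', size_t(end - p)));
        if (!nl) return false;                       // line with no terminator in the buffer
        const char* lineEnd = nl;
        if (lineEnd > p && lineEnd[-1] == '\r') --lineEnd;
        if (!haveRequestLine) {
            out.requestLine.assign(p, lineEnd);
            haveRequestLine = true;
        } else if (lineEnd == p) {                   // empty line: end of headers
            out.headerBytes = size_t(nl + 1 - data);
            return true;
        } else {
            const char* colon = static_cast<const char*>(memchr(p, ':', size_t(lineEnd - p)));
            if (!colon) return false;
            const char* v = colon + 1;
            while (v < lineEnd && (*v == ' ' || *v == '\t')) ++v;   // skip optional whitespace
            out.headers.emplace_back(std::string(p, colon), std::string(v, lineEnd));
        }
        p = nl + 1;
    }
    return false;                                    // buffer ended before the blank line
}

// Constructed sample (not captured traffic), stored without a NUL terminator
// so that any unbounded scan would read past the end of the vector.
static std::vector<char> sampleRequest()
{
    const char txt[] =
        "GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: probe/1.0\r\n\r\nbody";
    return std::vector<char>(txt, txt + sizeof txt - 1);
}

int main()
{
    HttpHead head;
    std::vector<char> req = sampleRequest();
    if (parseHttpHead(req.data(), req.size(), head)) {
        std::printf("%s (%zu header bytes)\n", head.requestLine.c_str(), head.headerBytes);
        for (const auto& h : head.headers)
            std::printf("  %s = %s\n", h.first.c_str(), h.second.c_str());
    }
    // A capture cut off in the middle of a header line is rejected, not over-read.
    std::printf("truncated: %s\n", parseHttpHead(req.data(), 50, head) ? "ok" : "rejected");
    return 0;
}
```

The sample keeps the request in a std::vector<char> rather than a string literal on purpose: the literal would carry a trailing NUL that hides the bug, whereas the vector ends exactly where the packet ends, which is the situation a DPDK mbuf or a pcap record presents.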

@max197616 (Contributor, Author)

I can't make pcap files, because the files are very big; I launch the application on a 10GbE interface.

max197616 pushed a commit to max197616/PcapPlusPlus that referenced this issue Aug 31, 2016
seladb added a commit that referenced this issue Aug 31, 2016
Bugfix #35 - strchr replaced by memchr in the HTTP layer
@seladb (Owner) commented Aug 31, 2016

Thanks for the pull request, I merged it into master branch. Did you verify my fixes in DNS, SSL and HTTP layers? Do you still see crashes or memory leaks in those or other layers?

@max197616 (Contributor, Author)

The HTTP layer works fine. The DNS layer still has a problem:
....
#74850 0x0000000000547caf in pcpp::IDnsResource::decodeName (this=this@entry=0x7fd12c0013a0, encodedName=0x7fd13fac1c40 <Address 0x7fd13fac1c40 out of bounds>, result="\005.8Zd\247\206\366\332\v\270^\362\260:\035\fL.8\035\214\203\230\313\372{g&K\346\351\023\362\276\304.\201\240\324\352\343I6\364a ͞_\035\022\rm\252\025?n4\326~#\243\260\376>a\352T.c\212\321\327\064\063J\020fB\374\274\217B\276\025E\355\361a\306\363Tg\263\031\246\327v\vTb\264k\342$\370:\247\275\350\337\323R[1\337L\tv\311Q\204\330\310\177\273\274\375{i\255ŧYVs\213\005\216\311\001.\331[N\236\270\262Ҍ\361\063K>\322\351\212\061\374\303\366\374\310\035\210Ө\224\006ňT\374\274ς\371\214?\312\314\355:\325\006z\025G\fie\273B\200\216ڲSF@\321\031"...) at src/DnsLayer.cpp:74
offsetInLayer = 151
tempResult = "\005.8Zd\247\206\366\332\v\270^\362\260:\035\fL.8\035\214\203\230\313\372{g&K\346\351\023\362\276\304.\201\240\324\352\343I6\364a ͞
\035\022\rm\252\025?n4\326~#\243\260\376>a\352T.c\212\321\327\064\063J\020fB\374\274\217B\276\025E\355\361a\306\363Tg\263\031\246\327v\vTb\264k\342$\370:\247\275\350\337\323R[1\337L\tv\311Q\204\330\310\177\273\274\375{i\255ŧYVs\213\005\216\311\001.\331[N\236\270\262Ҍ\361\063K>\322\351\212\061\374\303\366\374\310\035\210Ө\224\006ňT\374\274ς\371\214?\312\314\355:\325\006z\025G\fie\273B\200\216ڲSF@\321\031"...
encodedNameLength =
curOffsetInLayer =
wordLength =
#74851 0x0000000000547caf in pcpp::IDnsResource::decodeName (this=this@entry=0x7fd12c0013a0, encodedName=0x7fd13fac1c40 <Address 0x7fd13fac1c40 out of bounds>, result="\005.8Zd\247\206\366\332\v\270^\362\260:\035\fL.8\035\214\203\230\313\372{g&K\346\351\023\362\276\304.\201\240\324\352\343I6\364a ͞
\035\022\rm\252\025?n4\326~#\243\260\376>a\352T.c\212\321\327\064\063J\020fB\374\274\217B\276\025E\355\361a\306\363Tg\263\031\246\327v\vTb\264k\342$\370:\247\275\350\337\323R[1\337L\tv\311Q\204\330\310\177\273\274\375{i\255ŧYVs\213\005\216\311\001.\331[N\236\270\262Ҍ\361\063K>\322\351\212\061\374\303\366\374\310\035\210Ө\224\006ňT\374\274ς\371\214?\312\314\355:\325\006z\025G\fie\273B\200\216ڲSF@\321\031"...) at src/DnsLayer.cpp:74
offsetInLayer = 151
tempResult = "\005.8Zd\247\206\366\332\v\270^\362\260:\035\fL.8\035\214\203\230\313\372{g&K\346\351\023\362\276\304.\201\240\324\352\343I6\364a ͞
\035\022\rm\252\025?n4\326~#\243\260\376>a\352T.c\212\321\327\064\063J\020fB\374\274\217B\276\025E\355\361a\306\363Tg\263\031\246\327v\vTb\264k\342$\370:\247\275\350\337\323R[1\337L\tv\311Q\204\330\310\177\273\274\375{i\255ŧYVs\213\005\216\311\001.\331[N\236\270\262Ҍ\361\063K>\322\351\212\061\374\303\366\374\310\035\210Ө\224\006ňT\374\274ς\371\214?\312\314\355:\325\006z\025G\fie\273B\200\216ڲSF@\321\031"...
encodedNameLength =
curOffsetInLayer =
wordLength =
#74852 0x0000000000547caf in pcpp::IDnsResource::decodeName (this=this@entry=0x7fd12c0013a0, encodedName=0x7fd13fac1c40 <Address 0x7fd13fac1c40 out of bounds>, result="") at src/DnsLayer.cpp:74
offsetInLayer = 151
tempResult = "\005.8Zd\247\206\366\332\v\270^\362\260:\035\fL.8\035\214\203\230\313\372{g&K\346\351\023\362\276\304.\201\240\324\352\343I6\364a ͞
\035\022\rm\252\025?n4\326~#\243\260\376>a\352T.c\212\321\327\064\063J\020fB\374\274\217B\276\025E\355\361a\306\363Tg\263\031\246\327v\vTb\264k\342$\370:\247\275\350\337\323R[1\337L\tv\311Q\204\330\310\177\273\274\375{i\255ŧYVs\213\005\216\311\001.\331[N\236\270\262Ҍ\361\063K>_\322\351\212\061\374\303\366\374\310\035\210Ө\224\006ňT\374\274ς\371\214?\312\314\355:\325\006z\025G\fie\273B\200\216ڲSF@\321\031"...
encodedNameLength =
curOffsetInLayer =
wordLength =
#74853 0x0000000000547ee3 in pcpp::IDnsResource::IDnsResource (this=this@entry=0x7fd12c0013a0, dnsLayer=dnsLayer@entry=0x7fd12c000c90, offsetInLayer=offsetInLayer@entry=406) at src/DnsLayer.cpp:30
No locals.
#74854 0x0000000000548b1f in DnsQuery (offsetInLayer=406, dnsLayer=0x7fd12c000c90, this=0x7fd12c0013a0) at ./header/DnsLayer.h:330
No locals.
#74855 pcpp::DnsLayer::parseResources (this=this@entry=0x7fd12c000c90) at src/DnsLayer.cpp:562
resType = pcpp::IDnsResource::DnsQuery
newResource = 0x0
i = 15
offsetInPacket = 406
numOfQuestions = 17142
numOfAnswers = 1
numOfAuthority = 0
curResource =
numOfOtherResources = 36527
#74856 0x0000000000548d7c in pcpp::DnsLayer::DnsLayer (this=0x7fd12c000c90, data=, dataLen=, prevLayer=, packet=) at src/DnsLayer.cpp:428
No locals.
#74857 0x000000000055b19f in pcpp::UdpLayer::parseNextLayer (this=0x7fd12c000dd0) at src/UdpLayer.cpp:88
portDst = 53
portSrc = 56732
#74858 0x000000000056264c in pcpp::Packet::setRawPacket (this=this@entry=0x7fd135ffdb40, rawPacket=, freeRawPacket=freeRawPacket@entry=false) at src/Packet.cpp:52
curLayer = 0x7fd12c000dd0
#74859 0x00000000005627ab in pcpp::Packet::Packet (this=0x7fd135ffdb40, rawPacket=) at src/Packet.cpp:72

@seladb (Owner) commented Aug 31, 2016

It's hard to understand from this stack trace what the exception is and why it occurs. Can you please send me a pcap file or some other information so I can reproduce it in my environment?

@max197616 (Contributor, Author)

SSLLayer works as expected.
I'll try to get a dump of DNS traffic to reproduce the problem.

@max197616 (Contributor, Author)

I've attached a dump of DNS packets:
dnslayer.pcap.txt
And the last packet in hex (which causes the segmentation fault in DnsLayer.cpp):
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

@seladb (Owner) commented Sep 1, 2016

I can't reproduce the segmentation fault with the last packet in the pcap file. I tried running PcapPrinter and Pcap++Examples.PacketParsing with this packet on both Windows 7 and Ubuntu 12.04 32-bit but no success in reproducing it. Can you share your code and OS?

@max197616 (Contributor, Author)

I launch the DpdkTrafficFilter application from the examples on a mirror of real traffic. The program receives ~130000 packets per second.
My OS is CentOS 7.

@seladb (Owner) commented Sep 2, 2016

I don't have CentOS 7, and I can simulate DpdkTrafficFilter only on an Ubuntu VM. I'll try to reproduce it; hope I'll be able to. Can you please try to debug the problem and suggest a solution?

@max197616 (Contributor, Author)

I'll try to reproduce the issue and find the source of its origin.

@max197616 (Contributor, Author)

Try this packet on Pcap++Examples.PacketParsing:
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

@max197616 (Contributor, Author)

I think that in the function DnsLayer::parseResources you must check numOfQuestions and numOfAnswers for valid values; for example, these values can't be more than 16. This will reduce the processing time of invalid DNS packets.

@seladb (Owner) commented Sep 5, 2016

You're right, I'll add this code. In addition, I found the problem in the packet you sent: there is an endless loop there. I'll fix that too.

seladb pushed a commit that referenced this issue Sep 5, 2016
@seladb (Owner) commented Sep 5, 2016

Fixed that issue; please tell me if you see more segmentation faults or memory leaks.

@seladb (Owner) commented Sep 6, 2016

Please notify me if everything is OK so I can close the bug.

@max197616 (Contributor, Author)

I ran a test application for ~8 hours and observed no problems.
Thank you!
