🐞 fix(parse_quic_uncryption_payload): 增加长度判断，修复长度异常时造成的内存非法读

附test/pcap/quic_len-2.pcapng为解析长度异常的包
🔧 build(cmake version): 更新最低版本要求至3.10，修复changelog脚本生成可能报错的问题
2023-07-28 23:24:57 +08:00 · 2023-07-28 23:22:51 +08:00 · 2023-07-26 19:21:14 +08:00
6 changed files with 15 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 2.8...3.10)

 set(lib_name quic)

--- a/cmake/changelog.sh
+++ b/cmake/changelog.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 work_path=$1
-branch=`git status | grep branch | awk '{print $NF}'`
+branch=`git status | grep 'On branch' | awk '{print $NF}'`
 git log --branches=$branch --no-merges --date=local --show-signature --pretty="* %ad %an %ae %nhash: %H%ncommit:%n%B"  | awk -F"-" '{print "- "$0}' | sed 's/- \*/\*/g' | sed 's/- $//g' | sed 's/-/  -/g' | sed 's/[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}//g' > $work_path/changelog.txt
--- a/src/quic_entry.cpp
+++ b/src/quic_entry.cpp
@@ -321,6 +321,8 @@ extern "C" long long QUIC_FLAG_CHANGE(char* flag_str)

 extern "C" void QUIC_DESTROY(void)
 {
+	MESA_destroy_runtime_log_handle(g_quic_param.logger);
+	g_quic_param.logger = NULL;
 	return ;
 }

--- a/src/quic_process.cpp
+++ b/src/quic_process.cpp
@@ -737,6 +737,11 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
 	enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
 	unsigned char frame_type=(unsigned char)(payload[0]);

+	if(payload_len<=4)
+	{
+		return QUIC_VERSION_UNKNOWN;
+	}
+
 	if(frame_type&QUIC_LONG_HEADER_MASK)
 	{
 		quic_version=identify_quic_version(payload, payload_len, payload_offset);
@@ -773,7 +778,11 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
 	
 	if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
 	{
-		return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+		if(payload_len > payload_offset)
+		{
+			return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+		}
+		return PARSE_RESULT_VERSION;
 	}
 	else if(((quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F)		||
 						(quic_version>=GQUIC_VERSION_Q049 && quic_version<=GQUIC_VERSION_Q059)	||
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 2.8...3.10)

 set(lib_name quic)
 project(${lib_name}_test)
--- a/test/pcap/quic_len_-2.pcapng
+++ b/test/pcap/quic_len_-2.pcapng
Author	SHA1	Message	Date
yangwei	4d731800bf	🐞 fix(parse_quic_uncryption_payload): 增加长度判断，修复长度异常时造成的内存非法读附test/pcap/quic_len-2.pcapng为解析长度异常的包	2023-07-28 23:24:57 +08:00
yangwei	1b678406e7	🔧 build(cmake version): 更新最低版本要求至3.10，修复changelog脚本生成可能报错的问题	2023-07-28 23:22:51 +08:00
yangwei	479fd1a771	🐞 fix(quic version len): 增加包长判断，避免读越界	2023-07-26 19:21:14 +08:00