Malformed packet with incorrect payload length in header caused exception

[bratbiswas]

When a malformed IP packet looks like a fragment and contains an invalid payload length in the header, the IPRessembly class trusts the payload length in header and can cause an exception if the length is more than the real length of the payload. A check is introduced validate the lengths and return MALFORMED_PACKET if things are not right.

[codecov]

Codecov Report

Attention: Patch coverage is 96.66667% with 1 line in your changes missing coverage. Please review.

Project coverage is 82.99%. Comparing base (74407e6) to head (ffda644).

Files with missing lines	Patch %	Lines
Tests/Pcap++Test/main.cpp	50.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##              dev    #1829    +/-   ##
========================================
  Coverage   82.99%   82.99%            
========================================
  Files         284      284            
  Lines       48974    49004    +30     
  Branches    10576    10347   -229     
========================================
+ Hits        40647    40672    +25     
- Misses       7178     7218    +40     
+ Partials     1149     1114    -35     

Flag	Coverage Δ
alpine320	75.10% <84.61%> (+<0.01%)	⬆️
fedora42	75.20% <84.61%> (+<0.01%)	⬆️
macos-13	80.52% <92.30%> (+0.01%)	⬆️
macos-14	80.52% <92.30%> (+0.01%)	⬆️
macos-15	80.51% <92.30%> (+0.01%)	⬆️
mingw32	71.36% <87.50%> (-0.04%)	⬇️
mingw64	71.34% <87.50%> (-0.04%)	⬇️
npcap	84.98% <100.00%> (-0.01%)	⬇️
rhel94	74.96% <84.61%> (-0.02%)	⬇️
ubuntu2004	58.66% <77.77%> (-0.04%)	⬇️
ubuntu2004-zstd	58.80% <77.77%> (-0.01%)	⬇️
ubuntu2204	74.91% <84.61%> (+<0.01%)	⬆️
ubuntu2204-icpx	61.50% <75.00%> (-0.03%)	⬇️
ubuntu2404	75.16% <84.61%> (+<0.01%)	⬆️
ubuntu2404-arm64	75.11% <84.61%> (-0.03%)	⬇️
unittest	82.99% <96.66%> (+<0.01%)	⬆️
windows-2019	85.01% <100.00%> (+<0.01%)	⬆️
windows-2022	85.02% <100.00%> (+<0.01%)	⬆️
winpcap	85.17% <100.00%> (+0.01%)	⬆️
xdp	50.58% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[seladb]

@bratbiswas thanks for contributing this fix! 🙏

Since you already have a malformed pcap that causes this crash (attached to the issue), can you add a test here? https://github.com/seladb/PcapPlusPlus/blob/master/Tests/Pcap%2B%2BTest/Tests/IPFragmentationTests.cpp

You can find more info on how to run tests here: https://pcapplusplus.github.io/docs/tests

Let me know if you need my help with writing the test.

[bratbiswas]

I committed three files - main.cpp, TestDefinition.h and IPFragmentationTests.cpp. I followed instruction from chatgpt and added "--force-with-lease" flag in the push and the changes were pushed but now I see changes in a lot more files than I actually added/committed!

I am sorry for the mess. One really needs a phd on git to be able to use it! I mean source control seems a lot more complicated than writing the software itself :-(
Sorry.

[seladb]

I believe you also need to push the file "PcapExamples/ip4_bad_fragment.txt"?

Maybe instead you can push a pcap file that contains this packet?

Since *.pcap is in .gitignore you need to use the -f flag:

git add -f Tests/Pcap++Test/PcapExamples/ip4_bad_fragment.pcap
git commit -m "Add pcap file"

If you add a pcap file you can use pcpp::PcapFileReaderDevice to read it, like we do here:

PcapPlusPlus/Tests/Pcap++Test/Tests/IPFragmentationTests.cpp

Line 82 in 51c9af3

pcpp::PcapFileReaderDevice reader("PcapExamples/ip6_fragments.pcap");

[bratbiswas]

Done. Modified the code to use a PCAP and added the PCAP too.

[seladb]

Do you also have an example of a malformed IPv6 packet?

[bratbiswas]

No, I don't have an IPv6 packet.