From 07ae937cf7c85a237b1fd8e42cb37816ee198ae2 Mon Sep 17 00:00:00 2001
From: Diva M
Date: Sun, 7 Sep 2025 23:40:19 -0500
Subject: [PATCH 1/3] reject buffers that are too short on responses
---
 portmapper/src/nat_pmp/protocol/response.rs | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/portmapper/src/nat_pmp/protocol/response.rs b/portmapper/src/nat_pmp/protocol/response.rs
index 2ea27e93..87f3379d 100644
--- a/portmapper/src/nat_pmp/protocol/response.rs
+++ b/portmapper/src/nat_pmp/protocol/response.rs
@@ -115,7 +115,11 @@ impl Response {
 pub const RESPONSE_INDICATOR: u8 = 1u8 << 7;
 /// Decode a map response.
- fn decode_map(buf: &[u8], proto: MapProtocol) -> Response {
+ fn decode_map(buf: &[u8], proto: MapProtocol) -> Result {
+ if buf.len() != Self::MAX_SIZE {
+ return Err(MalformedSnafu.build());
+ }
+
 let epoch_bytes = buf[4..8].try_into().expect("slice has the right len");
 let epoch_time = u32::from_be_bytes(epoch_bytes);
@@ -128,13 +132,13 @@ impl Response {
 let lifetime_bytes = buf[12..16].try_into().expect("slice has the right len");
 let lifetime_seconds = u32::from_be_bytes(lifetime_bytes);
- Response::PortMap {
+ Ok(Response::PortMap {
 proto,
 epoch_time,
 private_port,
 external_port,
 lifetime_seconds,
- }
+ })
 }
 /// Decode a response.
@@ -176,8 +180,8 @@ impl Response {
 public_ip: ip_bytes.into(),
 }
 }
- Opcode::MapUdp => Self::decode_map(buf, MapProtocol::Udp),
- Opcode::MapTcp => Self::decode_map(buf, MapProtocol::Tcp),
+ Opcode::MapUdp => Self::decode_map(buf, MapProtocol::Udp)?,
+ Opcode::MapTcp => Self::decode_map(buf, MapProtocol::Tcp)?,
 };
 Ok(response)
From 9bbc7104a558ddbe77b310817d6fad5adfa8f4a5 Mon Sep 17 00:00:00 2001
From: Diva M
Date: Sun, 7 Sep 2025 23:46:20 -0500
Subject: [PATCH 2/3] update tracing
---
 Cargo.lock | 54 ++++++++++--------------------------------------------
 1 file changed, 10 insertions(+), 44 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index e3e3c33d..0e729a18 100644
--- a/Cargo.lock
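Review bot: The new guard in `decode_map` compares against `Self::MAX_SIZE`, whose value is not visible in this hunk, so the fixed-offset reads up to `buf[12..16]` are only panic-free on the unstated assumption that `MAX_SIZE` is at least 16 and is the exact size of a map response. Because the comparison is `!=`, it also rejects over-long buffers, which is stricter than the commit title ("too short") says; that is a sensible choice for a datagram that arrives from the network, but it should be written down. I would extend the doc comment to `/// Decode a map response. Returns the MalformedSnafu error unless buf is exactly Self::MAX_SIZE bytes, so the fixed-offset reads below cannot panic.` The patch also carries no regression test; a case that feeds a truncated map response to the decoder and expects an error would pin the fix. The body of `decode_map` continues past the end of this hunk.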
+++ b/Cargo.lock @@ -1086,11 +1086,11 @@ dependencies = [ [[package]] name = "matchers" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" dependencies = [ - "regex-automata 0.1.10", + "regex-automata", ] [[package]] @@ -1342,12 +1342,11 @@ dependencies = [ [[package]] name = "nu-ansi-term" -version = "0.46.0" +version = "0.50.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" +checksum = "d4a28e057d01f97e61255210fcff094d74ed0466038633e95017f5beb68e4399" dependencies = [ - "overload", - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -1402,12 +1401,6 @@ version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" -[[package]] -name = "overload" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" - [[package]] name = "parking" version = "2.2.1" @@ -1588,27 +1581,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "regex" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" -dependencies = [ - "aho-corasick", - "memchr", - "regex-automata 0.4.9", - "regex-syntax 0.8.5", -] - -[[package]] -name = "regex-automata" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" -dependencies = [ - "regex-syntax 0.6.29", -] - [[package]] name = "regex-automata" version = "0.4.9" 
@@ -1617,15 +1589,9 @@ checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.5", + "regex-syntax", ] -[[package]] -name = "regex-syntax" -version = "0.6.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" - [[package]] name = "regex-syntax" version = "0.8.5" @@ -2097,14 +2063,14 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.19" +version = "0.3.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008" +checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5" dependencies = [ "matchers", "nu-ansi-term", "once_cell", - "regex", + "regex-automata", "sharded-slab", "smallvec", "thread_local", From 437a9c136d9b665299fca01fd5429c8430563c8c Mon Sep 17 00:00:00 2001 From: Diva M Date: Sun, 7 Sep 2025 23:47:38 -0500 Subject: [PATCH 3/3] update slab --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0e729a18..9278fbb3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1739,9 +1739,9 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04dc19736151f35336d325007ac991178d504a119863a2fcb3758cdb5e52c50d" +checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589" [[package]] name = "smallvec"