Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal#2132
Open
Shubham7-1 wants to merge 4 commits intoseladb:masterfrom
Open
Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal#2132Shubham7-1 wants to merge 4 commits intoseladb:masterfrom
Shubham7-1 wants to merge 4 commits intoseladb:masterfrom
Conversation
…etInternal - Zero-initialize light_packet_header pktHeader in getNextPacketInternal to prevent MSAN use-of-uninitialized-value on any path where light_get_next_packet does not fill every field. - Fix light_get_next_packet's LIGHT_SIMPLE_PACKET_BLOCK branch: add an else clause so packet_header->data_link is always set (to 0xFFFF) when there are no interface blocks, eliminating the root cause of the uninitialized read. Agent-Logs-Url: https://github.com/Shivam7-1/PcapPlusPlus/sessions/40af4014-b148-45f0-8e4f-9f159064c5d1 Co-authored-by: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
Agent-Logs-Url: https://github.com/Shivam7-1/PcapPlusPlus/sessions/40af4014-b148-45f0-8e4f-9f159064c5d1 Co-authored-by: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
…-value Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal
Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the MSAN-reported
Use-of-uninitialized-valueinpcpp::PcapNgFileReaderDevice::getNextPacketInternal(OSS-Fuzz issue, crash type reported inFuzzWriterNg).issue: https://issues.oss-fuzz.com/issues/479882050
Root Cause
In
light_get_next_packet(light_pcapng_ext.c), theLIGHT_SIMPLE_PACKET_BLOCKbranch setspacket_header->data_linkonly wheninterface_block_count > 0:When a pcapng file contains a Simple Packet Block without any preceding Interface Description Block,
data_linkis never written. Back ingetNextPacketInternal, the uninitializedpktHeader.data_linkvalue is then read bym_BpfWrapper.matches()andRawPacket::setRawData(), triggering MSAN.Changes
3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng_ext.cAdded an
elseclause in the SPB path oflight_get_next_packetto always assigndata_link. Uses the same0xFFFFsentinel already used in the EPB "out-of-range interface_id" case, meaning unknown/invalid link type.Pcap++/src/PcapFileDevice.cppZero-initialized
light_packet_header pktHeader{}ingetNextPacketInternalas defense-in-depth, ensuring no field is ever read uninitialized regardless of which code pathlight_get_next_packettakes.