Fix one more buffer overread in ksysguard network helper
Abandoned · Public

Authored by maltek on Nov 18 2019, 9:20 AM.

Details

Reviewers
ahiemstra
fvogt
Summary

Fix one more bug in the ksysguard network helper found by my fuzzer.

Diff Detail

Repository
R106 KSysguard
Lint: Skipped
Unit Tests: Skipped
maltek created this revision. Nov 18 2019, 9:20 AM
Restricted Application added a project: Plasma. Nov 18 2019, 9:20 AM
Restricted Application added a subscriber: plasma-devel.
maltek requested review of this revision. Nov 18 2019, 9:20 AM
fvogt requested changes to this revision. Nov 18 2019, 9:46 AM

I wonder whether this can actually happen, as that header is AFAICT added by the kernel and not from the network.

The Packet constructor has both dataLength and packetSize parameters, which are equal to the pcap header's caplen and len, respectively, and only the former specifies how much data is actually available in the buffer.
So the comparison has to use dataLength, like the code below.

This revision now requires changes to proceed. Nov 18 2019, 9:46 AM
maltek abandoned this revision. Nov 18 2019, 10:59 AM
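To make the caplen/len distinction concrete, here is a constructed C++ illustration added to this page; it is not ksysguard's code, and the PcapRecord struct, the sample bytes and the parser functions are all hypothetical. Only caplen describes how many bytes are actually in the buffer, so a bounds check against len accepts a truncated capture that the same check against caplen correctly rejects.

```cpp
#include <cstddef>
#include <cstdint>

// Stand-in for the pcap per-packet header (hypothetical): caplen is the number
// of bytes actually captured into the buffer, len is the length on the wire.
struct PcapRecord {
    uint32_t caplen;
    uint32_t len;
    const uint8_t *data;
};

static const size_t kEthernetHeader = 14;
static const size_t kIpv4MinHeader = 20;

// The bounds check in isolation: does a minimal Ethernet+IPv4 header fit
// within `bound` bytes? Which value is passed as `bound` is the whole point.
bool ipv4HeaderFits(size_t bound) {
    return bound >= kEthernetHeader + kIpv4MinHeader;
}

// Hypothetical parser: returns the IPv4 total-length field behind the Ethernet
// header, or -1 when the header does not fit in the captured bytes.
int ipv4TotalLength(const uint8_t *data, size_t bound) {
    if (!ipv4HeaderFits(bound)) return -1;
    const uint8_t *ip = data + kEthernetHeader;
    if ((ip[0] >> 4) != 4) return -1;           // not an IPv4 header
    return (ip[2] << 8) | ip[3];                 // big-endian total length
}

// Correct use: the read is bounded by caplen (the buffer size), never by len.
int parseSafely(const PcapRecord &rec) {
    return ipv4TotalLength(rec.data, rec.caplen);
}

// Constructed sample: a 60-byte frame of which only 20 bytes were captured
// (small snaplen), so len > caplen and the IPv4 header is cut off.
static const uint8_t kTruncatedBytes[20] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x00,  // Ethernet, EtherType IPv4
    0x45, 0x00, 0x00, 0x3c, 0x00, 0x00               // first 6 IPv4 bytes
};
PcapRecord truncatedSample() { return {20, 60, kTruncatedBytes}; }

// Constructed sample: the same frame fully captured (remaining bytes zero).
static const uint8_t kFullBytes[60] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x00,
    0x45, 0x00, 0x00, 0x3c
};
PcapRecord fullSample() { return {60, 60, kFullBytes}; }
```

Checking `ipv4HeaderFits(rec.len)` on the truncated sample returns true even though only 20 bytes exist, which is exactly the overread the comment above warns about; `parseSafely` uses caplen and returns -1 for it.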

Indeed, you're right. This bug was just an artifact of my fuzzing harness.