From 2c5550a01c00f626ae5c2a7bd8c8ac6de4c4a408 Mon Sep 17 00:00:00 2001
From: Christian Herdtweck
Date: Wed, 10 Dec 2014 15:58:52 +0100
Subject: [PATCH] fixed parsing of icmp data: only parses right amount of data
---
 src/icmp/icmpv4header.cpp | 7 +++++++
 src/icmp/icmpv4header.h | 2 ++
 src/icmp/icmpv4packet.cpp | 11 +++++++----
 src/icmp/icmpv6header.cpp | 7 +++++++
 src/icmp/icmpv6header.h | 2 ++
 src/ip/ipv4header.cpp | 2 ++
 6 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/icmp/icmpv4header.cpp b/src/icmp/icmpv4header.cpp
index 27f9a71..1f0e680 100644
--- a/src/icmp/icmpv4header.cpp
+++ b/src/icmp/icmpv4header.cpp
@@ -22,6 +22,8 @@ using boost::shared_ptr;
 // Icmpv4Header
 //-----------------------------------------------------------------------------
+static const size_t HeaderSizeInBytes = 8;
+
 Icmpv4Header::Icmpv4Header() :
 MessageFormat()
 {
@@ -162,6 +164,11 @@ void Icmpv4Header::set_icmp_message_format( std::istream &is )
 set_icmp_message_format( header_type );
 }
+size_t Icmpv4Header::get_header_length() const
+{
+ return HeaderSizeInBytes;
+}
+
 std::istream& operator>>(
 std::istream &is,
 Icmpv4Header &header
diff --git a/src/icmp/icmpv4header.h b/src/icmp/icmpv4header.h
index 1708fef..86173c1 100644
--- a/src/icmp/icmpv4header.h
+++ b/src/icmp/icmpv4header.h
@@ -70,6 +70,8 @@ public:
 void set_icmp_message_format( const Icmpv4Type type );
 void set_icmp_message_format( std::istream &is );
+ size_t get_header_length() const;
+
 friend std::istream& operator>>(
 std::istream &is,
 Icmpv4Header &header
diff --git a/src/icmp/icmpv4packet.cpp b/src/icmp/icmpv4packet.cpp
index 21a3b58..b131be9 100644
--- a/src/icmp/icmpv4packet.cpp
+++ b/src/icmp/icmpv4packet.cpp
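Review bot: `HeaderSizeInBytes = 8` in src/icmp/icmpv4header.cpp has no comment saying which bytes it counts, and `get_header_length()` returns it regardless of the message format that `set_icmp_message_format()` selects. The new subtraction in icmpv4packet.cpp is only correct if the stream extractor for `Icmpv4Header` consumes exactly this many bytes for every message type, which is not visible in these hunks. I would document that coupling at the definition, for example `// bytes consumed by operator>> for the ICMPv4 header; keep in sync with the message formats`, and put a matching doc comment on the declaration in icmpv4header.h.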
@@ -255,18 +255,21 @@ istream& operator>>(
 is >> packet.IcmpPayloadHeader;
 if (is.good())
 {
- streamsize data_length = static_cast( packet.IpHeader.get_total_length() )
- - static_cast( packet.IpHeader.get_header_length() );
+ streamsize data_length = static_cast( packet.IpHeader.get_total_length() )
+ - static_cast( packet.IpHeader.get_header_length() )
+ - static_cast( packet.IcmpPayloadHeader.get_header_length() );
 if ( data_length < 0 )
 {
- GlobalLogger.error() << "Error: invalid size for optional ICMP data: " << data_length << endl;
+ GlobalLogger.error() << "Error: invalid size for optional ICMP data: "
+ << data_length << endl;
 is.setstate( ios::failbit );
 }
 else if ( data_length > 0 )
 {
 size_t options_size = static_cast( data_length );
- scoped_array scoped_data( new uint8_t[options_size] );
+ scoped_array scoped_data( new uint8_t[options_size+1] ); // need a 0 after data
+ memset(scoped_data.get(), 0, (options_size+1)*sizeof(uint8_t));
 char *char_data = reinterpret_cast( scoped_data.get() );
 (void) is.read( char_data, data_length );
diff --git a/src/icmp/icmpv6header.cpp b/src/icmp/icmpv6header.cpp
index e3d2950..fd5425d 100644
--- a/src/icmp/icmpv6header.cpp
+++ b/src/icmp/icmpv6header.cpp
@@ -19,6 +19,8 @@ using boost::shared_ptr;
 // Icmpv6Header
 //-----------------------------------------------------------------------------
+static const size_t HeaderSizeInBytes = 4;
+
 Icmpv6Header::Icmpv6Header() :
 MessageFormat()
 {
@@ -172,6 +174,11 @@ void Icmpv6Header::set_icmp_message_format( std::istream &is )
 set_icmp_message_format( header_type );
 }
+size_t Icmpv6Header::get_header_length() const
+{
+ return HeaderSizeInBytes;
+}
+
 std::istream& operator>>(
 std::istream &is,
 Icmpv6Header &header
diff --git a/src/icmp/icmpv6header.h b/src/icmp/icmpv6header.h
index 7afb111..3aec4b0 100644
--- a/src/icmp/icmpv6header.h
+++ b/src/icmp/icmpv6header.h
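Review bot: The result of `is.read( char_data, data_length )` is still discarded, so a packet whose IP total-length field claims more payload than the stream holds leaves a partly zero-filled buffer that the code after the hunk may treat as `data_length` bytes of real data. `data_length` is derived from header fields supplied by the sender; the new code checks the lower bound, but nothing visible compares it with the bytes actually received. I would test the read, e.g. `if ( !is.read( char_data, data_length ) ) return is;`, or compare `is.gcount()` with `data_length` and log the truncation; the rest of the operator body lies outside the hunk, so the right exit path needs confirming there. The options read in src/ip/ipv4header.cpp (`is.read( options_data_array, options_length )`) has the same unchecked result. The `// need a 0 after data` terminator suggests a consumer treats the payload as a C string; ICMP data can contain embedded zero bytes, so the length should travel with the buffer.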
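Review bot: `Icmpv6Header::get_header_length()` is added in src/icmp/icmpv6header.cpp but nothing in this commit calls it; the diffstat lists no change to an ICMPv6 packet parser, so the ICMPv6 payload length is presumably still computed without subtracting the header. If that parser has the same over-read this commit fixes for ICMPv4, it needs the matching subtraction. The constant is 4 here against 8 in icmpv4header.cpp; a comment such as `// type, code and checksum only` (to be confirmed against what operator>> consumes) would show the difference is deliberate.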
@@ -70,6 +70,8 @@ public:
 void set_icmp_message_format( const Icmpv6Type type );
 void set_icmp_message_format( std::istream &is );
+ size_t get_header_length() const;
+
 friend std::istream& operator>>(
 std::istream &is,
 Icmpv6Header &header
diff --git a/src/ip/ipv4header.cpp b/src/ip/ipv4header.cpp
index 42ba81e..1235f7b 100644
--- a/src/ip/ipv4header.cpp
+++ b/src/ip/ipv4header.cpp
@@ -221,6 +221,7 @@ istream &operator>>(
 if ( header_version != 4 )
 {
 GlobalLogger.error() << "Error: invalid IP header version: " << static_cast(header_version) << endl;
+ is.setstate( ios::failbit );
 return is;
 }
@@ -238,6 +239,7 @@ istream &operator>>(
 {
 size_t options_size = static_cast( options_length );
 scoped_array options_data( new uint8_t[options_size] );
+ memset(options_data.get(), 0, options_size*sizeof(uint8_t));
 char *options_data_array = reinterpret_cast( options_data.get() );
 (void) is.read( options_data_array, options_length );
--
1.7.1
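Review bot: The zero-fill of `options_data` in src/ip/ipv4header.cpp can be done at allocation time with value-initialisation, `new uint8_t[options_size]()`, which removes the separate `memset` call and the `sizeof(uint8_t)` factor that is always 1. The hunk does not show an include of `<cstring>` for `memset`; if the file does not already have one, the call compiles only through a transitive include. The same applies to the `memset` added in src/icmp/icmpv4packet.cpp. The enclosing block starts and ends outside the hunk.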