fixed bounds check for tls, updated buffer 8192

shadowy-pycoder · shadowy-pycoder · commit 4f934e8523fc · 2025-07-11T11:46:01.000+03:00
diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@ Options:
   -h    Show this help message and exit.
   -D    Display list of interfaces and exit.
   -b int
-        The maximum size of packet queue. (default 4096)
+        The maximum size of packet queue. (default 8192)
   -c int
         The maximum number of packets to capture.
   -e string
@@ -84,7 +84,7 @@ Output:
 - Promiscuous Mode: true
 - Timeout: 0s
 - Number of Packets: 0
-- Packet Buffer Size: 4096
+- Packet Buffer Size: 8192
 - BPF Filter: "port 53"
 - Verbose: false
 ```
diff --git a/cmd/mshark/cli.go b/cmd/mshark/cli.go
@@ -102,7 +102,7 @@ func root(args []string) error {
 	)
 	flags.DurationVar(&conf.Timeout, "t", 0, "The maximum duration of the packet capture process. Example: 5s")
 	flags.IntVar(&conf.PacketCount, "c", 0, "The maximum number of packets to capture.")
-	packetBuffer := flags.Int("b", 4096, "The maximum size of packet queue.")
+	packetBuffer := flags.Int("b", 8192, "The maximum size of packet queue.")
 	flags.StringVar(&conf.Expr, "e", "", `BPF filter expression. Example: "ip proto tcp".`)
 	flags.BoolFunc("D", "Display list of interfaces and exit.", func(flagValue string) error {
 		if err := displayInterfaces(); err != nil {
@@ -143,7 +143,7 @@ func root(args []string) error {
 	conf.Snaplen = *snaplen
 
 	if *packetBuffer <= 0 {
-		*packetBuffer = 4096
+		*packetBuffer = 8192
 	}
 	conf.PacketBuffer = *packetBuffer
 
diff --git a/layers/tls.go b/layers/tls.go
@@ -549,15 +549,21 @@ func (t *TLSMessage) Parse(data []byte) error {
 		if ctdesc == "Unknown" {
 			break
 		}
+		if len(data) < 3 {
+			break
+		}
 		ver := binary.BigEndian.Uint16(data[1:3])
 		verdesc := verdesc(ver)
 		if verdesc == "Unknown" {
 			break
 		}
+		if len(data) < headerSizeTLS {
+			break
+		}
 		rlen := binary.BigEndian.Uint16(data[3:headerSizeTLS])
-		rb := uint16(headerSizeTLS + rlen)
-		if rb > uint16(len(data)) {
-			rb = uint16(len(data))
+		rb := min(uint16(headerSizeTLS+rlen), uint16(len(data)))
+		if rb < headerSizeTLS {
+			break
 		}
 		r := &Record{
 			ContentType:     ctype,
diff --git a/mshark.go b/mshark.go
@@ -38,7 +38,7 @@ type Config struct {
 	Promisc      bool           // Promiscuous mode. This setting is ignored for "any" interface.
 	Timeout      time.Duration  // The maximum duration of the packet capture process.
 	PacketCount  int            // The maximum number of packets to capture.
-	PacketBuffer int            // The maximum size for packet buffer (Default: 4096)
+	PacketBuffer int            // The maximum size for packet buffer (Default: 8192)
 	Expr         string         // BPF filter expression.
 }
 
@@ -114,7 +114,7 @@ func (mw *Writer) WritePacket(timestamp time.Time, data []byte) error {
 //   - Promiscuous Mode: true
 //   - Timeout: 5s
 //   - Number of Packets: 0
-//   - Packet Buffer Size: 4096
+//   - Packet Buffer Size: 8192
 //   - BPF Filter: "ip proto tcp"
 //   - Verbose: true
 func (mw *Writer) WriteHeader(c *Config) error {
@@ -244,7 +244,7 @@ func OpenLive(conf *Config, pw ...PacketWriter) error {
 
 	b := make([]byte, conf.Snaplen)
 	if conf.PacketBuffer <= 0 {
-		conf.PacketBuffer = 4096
+		conf.PacketBuffer = 8192
 	}
 	packetQueue := make(chan []byte, conf.PacketBuffer)
 
