added more checks for parsing

Author: shadowy-pycoder

layers/ipv6.go

@@ -90,8 +90,15 @@ func (p *IPv6Packet) Parse(data []byte) error {
 	p.NextHeader = buf[6]
 	p.NextHeaderDesc = p.nextHeader()
 	p.HopLimit = buf[7]
-	p.SrcIP, _ = netip.AddrFromSlice(buf[8:24])
-	p.DstIP, _ = netip.AddrFromSlice(buf[24:headerSizeIPv6])
+	var ok bool
+	p.SrcIP, ok = netip.AddrFromSlice(buf[8:24])
+	if !ok {
+		return fmt.Errorf("malformed IPv6 address")
+	}
+	p.DstIP, ok = netip.AddrFromSlice(buf[24:headerSizeIPv6])
+	if !ok {
+		return fmt.Errorf("malformed IPv6 address")
+	}
 	p.Payload = buf[headerSizeIPv6:]
 	return nil
 }

layers/layers.go

@@ -88,6 +88,12 @@ func parseNextLayerFromBytes(data []byte) Layer {
 			return next
 		}
 	}
+	if firstByte == 0x30 {
+		next = GetNextLayer("SNMP")
+		if err := next.Parse(buf); err == nil {
+			return next
+		}
+	}
 	if len(buf) > 3 {
 		b1 := binary.BigEndian.Uint16(buf[0:2])
 		b2 := binary.BigEndian.Uint16(buf[2:4])
@@ -138,7 +144,7 @@ func addrMatch(src, dst *uint16, ports []uint16) bool {
 	return false
 }
 
-func parseNextLayerFromAddress(data []byte, src, dst *uint16) Layer {
+func parseNextLayerFromPorts(data []byte, src, dst *uint16) Layer {
 	if len(data) == 0 {
 		return nil
 	}
@@ -154,7 +160,7 @@ func parseNextLayerFromAddress(data []byte, src, dst *uint16) Layer {
 		next = GetNextLayer("FTP")
 	case addrMatch(src, dst, []uint16{22, 2222, 2200, 222, 2022}):
 		next = GetNextLayer("SSH")
-	case addrMatch(src, dst, []uint16{443, 465, 993, 995, 8443, 9443, 10443, 8444}):
+	case addrMatch(src, dst, []uint16{443, 465, 993, 995, 8443, 9443, 10443, 8444, 5228}):
 		next = GetNextLayer("TLS")
 	default:
 		return nil
@@ -171,7 +177,7 @@ func ParseNextLayer(data []byte, src, dst *uint16) Layer {
 	buf = append(buf, data...)
 	var next Layer
 	if src != nil || dst != nil {
-		if next = parseNextLayerFromAddress(buf, src, dst); next != nil {
+		if next = parseNextLayerFromPorts(buf, src, dst); next != nil {
 			return next
 		}
 	}

layers/snmp.go

@@ -18,6 +18,9 @@ func (s *SNMPMessage) Summary() string {
 }
 
 func (s *SNMPMessage) Parse(data []byte) error {
+	if data[0] != 0x30 {
+		return fmt.Errorf("not ASN.1 SEQUENCE")
+	}
 	buf := make([]byte, 0, len(data))
 	buf = append(buf, data...)
 	s.Payload = buf

layers/ssh.go

@@ -90,18 +90,28 @@ func (s *SSHMessage) Parse(data []byte) error {
 	buf := make([]byte, 0, len(data))
 	buf = append(buf, data...)
 	if bytes.HasSuffix(buf, crlf) {
-		s.Protocol = bytesToStr(bytes.TrimSuffix(buf, crlf))
+		p := bytes.TrimSuffix(buf, crlf)
+		if !bytes.Contains(p, protoSSH) {
+			return fmt.Errorf("message should contain SSH-")
+		}
+		s.Protocol = bytesToStr(p)
 		return nil
 	}
 	s.Messages = make([]*Message, 0, 3)
 	for len(buf) > 0 {
+		if len(buf) < 4 {
+			return ErrSliceBounds
+		}
 		m := &Message{}
 		s.Messages = append(s.Messages, m)
 		plen := binary.BigEndian.Uint32(buf[0:4])
 		if plen > 0xffff {
 			m.Payload = buf
 			break
 		}
+		if len(buf) < 5 {
+			return ErrSliceBounds
+		}
 		m.MesssageType = buf[5]
 		if m.MesssageTypeDesc = mtypedesc(m.MesssageType); m.MesssageTypeDesc == "Unknown" {
 			m.Payload = buf

layers/tcp.go

@@ -127,8 +127,12 @@ func (t *TCPSegment) Parse(data []byte) error {
 	t.WindowSize = binary.BigEndian.Uint16(buf[14:16])
 	t.Checksum = binary.BigEndian.Uint16(buf[16:18])
 	t.UrgentPointer = binary.BigEndian.Uint16(buf[18:headerSizeTCP])
-	t.Options = buf[headerSizeTCP : t.DataOffset<<2]
-	t.Payload = buf[t.DataOffset<<2:]
+	offset := t.DataOffset << 2
+	if len(buf) < int(offset) {
+		return ErrSliceBounds
+	}
+	t.Options = buf[headerSizeTCP:offset]
+	t.Payload = buf[offset:]
 	return nil
 }