Skip to content

fix(quic): bounds-check varint lengths; isolate parser panics#232

Merged
domcyrus merged 2 commits intomainfrom
fix/quic-varint-bounds
Apr 22, 2026
Merged

fix(quic): bounds-check varint lengths; isolate parser panics#232
domcyrus merged 2 commits intomainfrom
fix/quic-varint-bounds

Conversation

@domcyrus
Copy link
Copy Markdown
Owner

@domcyrus domcyrus commented Apr 22, 2026

Malformed QUIC Initial token_length, NEW_TOKEN, STREAM, NEW_CONNECTION_ID and CONNECTION_CLOSE fields could advance offset past payload.len(), panicking the pcap_rx thread on the next slice access. Guard each varint length addition and use checked_add for total_packet_size.

Wrap parser.parse_packet in catch_unwind so a single crafted packet can no longer take down a capture thread and blind the monitor.

domcyrus added 2 commits April 22, 2026 19:22
@domcyrus
fix(quic): bounds-check varint lengths; isolate parser panics
e6b30be 
Malformed QUIC Initial token_length, NEW_TOKEN, STREAM, NEW_CONNECTION_ID
and CONNECTION_CLOSE fields could advance offset past payload.len(),
panicking the pcap_rx thread on the next slice access. Guard each varint
length addition and use checked_add for total_packet_size.

Wrap parser.parse_packet in catch_unwind so a single crafted packet can
no longer take down a capture thread and blind the monitor.
@domcyrus
chore: satisfy Rust 1.95 clippy lints
b929089 
Fix unnecessary_sort_by, collapsible_match, and manual_checked_ops
warnings surfaced by newer clippy on CI.
@domcyrus domcyrus merged commit bc248ae into main Apr 22, 2026
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@domcyrus