Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4529 +/- ##
==========================================
- Coverage 81.59% 81.58% -0.01%
==========================================
Files 356 356
Lines 85287 85292 +5
==========================================
- Hits 69592 69588 -4
- Misses 15695 15704 +9
|
|
My understanding is that caplen is a 32bits unsigned int, while the read parameter is a 32bits signed int. Hence, high values don’t fit.Sent from my iPhoneOn 7 Sep 2024, at 21:20, Nils Weiss ***@***.***> wrote:
@polybassa approved this pull request.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
As far as I can see in this particular case the length of the packet is (Then again I'm not sure how important that is) |
|
I took a look at what Wireshark does. Looks like it doesn't read more than 262144 bytes by default: and that pcap file is rejected with (pcap: File has 3402287818-byte packet, bigger than maximum of 262144)When tshark: The specified snapshot length "3402287818" is too large (greater than 2147483647)I think in practice it should be OK to catch the overflow and bail out then. Though I think it should be a separate test case. |
|
2147483647 will be a 2Gb packet, that why I assumed that it was OK to only catch the OverflowError exception =) |
|
If this MR is OK to you, let's merge it, then we will apply #4530 |
|
Bah it's the opposite way. First we merge #4530 then you come up with a different unit test in this PR that only tests this issue :) (or reuse the previous one I guess). |
|
What do you want to change in the current test? |
I think something like b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00%\xa8\xddfK\x1b\x05\x00\xca\xca\xca\xca*\x00\x00\x00\xff\xff\xff\xff\xff\xff\x86"\x11&\xab3\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01]\x80\x0f\x13*r\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'should work. It contains on i386. On 64-bit machines scapy should read a normal ARP packet without triggering any other issues: I also passed that pcap to tshark and it rejects it with as expected. |
|
Is there really a need for two tests that will each give different results on 32 and 64 bits platforms?Currently, the file from oss-fuzz allows to test the overflow issue on 32 bits platforms, and the LDAP files access on 64 bits ones.Sent from my iPhoneOn 8 Sep 2024, at 16:02, Evgeny Vereshchagin ***@***.***> wrote:
What do you want to change in the current test?
I think something like
b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00%\xa8\xddfK\x1b\x05\x00\xca\xca\xca\xca*\x00\x00\x00\xff\xff\xff\xff\xff\xff\x86"\x11&\xab3\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01]\x80\x0f\x13*r\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
should work. It contains \xca\xca\xca\xca leading to
OverflowError: cannot fit 'int' into an index-sized integer
on i386. On 64-bit machines scapy should read a normal ARP packet without triggering any other issues:
0000 Ether / ARP who has 0.0.0.0 says 10.0.2.15
I also passed that pcap to tshark and it rejects it with
(pcap: File has 3402287818-byte packet, bigger than maximum of 262144)
as expected.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
My thinking was that since the original testcase triggers the overflow (apart from the LDAP crash) it prevents the LDAP crash from being tested on those platforms. To test the LDAP crash and the overflow there ideally there should be two different testcases. |
|
It still don’t see why we need to test the LDAP crash on a specific platform, but as you can provided a working test case, let’s use it =)Sent from my iPhoneOn 8 Sep 2024, at 17:48, Evgeny Vereshchagin ***@***.***> wrote:
Is there really a need for two tests that will each give different results on 32 and 64 bits platforms?
My thinking was that since the original testcase triggers the overflow (apart from the LDAP crash) it prevents the LDAP crash from being tested on those platforms. To test the LDAP crash and the overflow there ideally there should be two different testcases.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
I agree that it isn't i386-specific but if nothing else coverage reports would look better with those two lines covered there as well :-) When I opened #4530 I hadn't figured out what the issue was so to me it seemed reasonable to unblock the test on 32-bit machines while the overflow issue was in the process of being fixed. |
guedou
force-pushed
the
guedou/20240907/Issue_#4527
branch
from
898a6ae to
19ae1db
Compare
|
I pushed the alternative test. |
guedou
force-pushed
the
guedou/20240907/Issue_#4527
branch
from
19ae1db to
dee0c70
Compare
|
I ran it on i386 and it passed # python3 -m scapy.tools.UTscapy -t test/regression.uts -n 167
...
>>> l = rdpcap(file)
Pcap: cannot fit 'int' into an index-sized integer
>>> assert len(l) == 0 or ARP in l[0](what's interesting is that it turns out Wireshark rejects snapshot lengths larger than 2147483647 on 64 bit platforms too even though those in theory should be unsigned integers) |
4 participants
Fixes #4527.