Bugfixes 23593, 23601 in oss fuzz: buffer overflow and HTTP and SIP l…

…ayers

Common++/header/GeneralUtils.h

@@ -39,6 +39,16 @@ namespace pcpp
 	 * Illegal hex string means odd number of characters or a string that contains non-hex characters
 	 */
 	size_t hexStringToByteArray(const std::string& hexString, uint8_t* resultByteArr, size_t resultByteArrSize);
+
+	/**
+	 * This is a cross platform version of memmem (https://man7.org/linux/man-pages/man3/memmem.3.html) which is not supported
+	 * on all platforms.
+	 * @param[in] haystack A pointer to the buffer to be searched
+	 * @param[in] haystackLen Length of the haystack buffer
+	 * @param[in] needle A pointer to a buffer that will be searched for
+	 * @param[in] needleLen Length of the needle buffer
+	 */
+	char* cross_platform_memmem(const char* haystack, size_t haystackLen, const char* needle, size_t needleLen);
 }
 
 #endif // PCAPPP_GENERAL_UTILS

Common++/src/GeneralUtils.cpp

@@ -68,4 +68,24 @@ size_t hexStringToByteArray(const std::string& hexString, uint8_t* resultByteArr
 	return hexString.length() / 2;
 }
 
+
+char* cross_platform_memmem(const char* haystack, size_t haystackLen, const char* needle, size_t needleLen)
+{
+	char* ptr = (char*)haystack;
+	while (needleLen <= (haystackLen - (ptr - haystack)))
+	{
+		if (NULL != (ptr = (char*)memchr(ptr, (int)(*needle), haystackLen - (ptr - haystack))))
+		{
+			if (0 == memcmp(ptr, needle, needleLen))
+				return ptr;
+			else
+				++ptr;
+		}
+		else
+			break;
+	}
+
+	return NULL;
+}
+
 }

Packet++/src/HttpLayer.cpp

@@ -1,6 +1,7 @@
 #define LOG_MODULE PacketLogModuleHttpLayer
 
 #include "Logger.h"
+#include "GeneralUtils.h"
 #include "HttpLayer.h"
 #include <string.h>
 #include <algorithm>
@@ -336,7 +337,7 @@ HttpRequestLayer::HttpMethod HttpRequestFirstLine::parseMethod(char* data, size_
 void HttpRequestFirstLine::parseVersion()
 {
 	char* data = (char*)(m_HttpRequest->m_Data + m_UriOffset);
-	char* verPos = strstr(data, " HTTP/");
+	char* verPos = cross_platform_memmem(data, m_HttpRequest->getDataLen() - m_UriOffset, " HTTP/", 6);
 	if (verPos == NULL)
 	{
 		m_Version = HttpVersionUnknown;

Packet++/src/SipLayer.cpp

@@ -4,6 +4,7 @@
 #include "SdpLayer.h"
 #include "PayloadLayer.h"
 #include "Logger.h"
+#include "GeneralUtils.h"
 #include <string.h>
 #include <algorithm>
 #include <stdlib.h>
@@ -287,7 +288,7 @@ SipRequestLayer::SipMethod SipRequestFirstLine::parseMethod(char* data, size_t d
 void SipRequestFirstLine::parseVersion()
 {
 	char* data = (char*)(m_SipRequest->m_Data + m_UriOffset);
-	char* verPos = strstr(data, " SIP/");
+	char* verPos = (char*)cross_platform_memmem(data, m_SipRequest->getDataLen() - m_UriOffset, " SIP/", 5);
 	if (verPos == NULL)
 	{
 		m_Version = "";

Packet++/src/TextBasedProtocol.cpp

@@ -482,7 +482,7 @@ HeaderField::HeaderField(TextBasedProtocolMessage* TextBasedProtocolMessage, int
 		if (spacesAllowedBetweenNameAndValue)
 		{
 			// advance fieldValuePtr 1 byte forward while didn't get to end of packet and fieldValuePtr points to a space char
-			while ((size_t)(fieldValuePtr - (char*)m_TextBasedProtocolMessage->m_Data) <= m_TextBasedProtocolMessage->getDataLen() && (*fieldValuePtr) == ' ')
+			while ((size_t)(fieldValuePtr - (char*)m_TextBasedProtocolMessage->m_Data) < m_TextBasedProtocolMessage->getDataLen() && (*fieldValuePtr) == ' ')
 			{
 				fieldValuePtr++;
 			}