path: root/main/nfdump/CVE-2019-1010057.patch
diff --git a/bin/nfdump.c b/bin/nfdump.c
index ba8d92f..9f653f8 100644
--- a/bin/nfdump.c
+++ b/bin/nfdump.c
@@ -559,7 +559,10 @@ int	v1_map_done = 0;
 							exit(255);
 						}
 					}
-					ConvertCommonV0((void *)record_ptr, (common_record_t *)ConvertBuffer);
+					if ( !ConvertCommonV0((void *)record_ptr, (common_record_t *)ConvertBuffer) ) {
+						LogError("Corrupt data file. Unable to decode at %s line %d\n", __FILE__, __LINE__);
+						exit(255);
+					}
 					flow_record = (common_record_t *)ConvertBuffer;
 					dbg_printf("Converted type %u to %u record\n", CommonRecordV0Type, CommonRecordType);
 				case CommonRecordType: {
diff --git a/bin/nffile_inline.c b/bin/nffile_inline.c
index 58225aa..4a9ca25 100755
--- a/bin/nffile_inline.c
+++ b/bin/nffile_inline.c
@@ -49,7 +49,7 @@ static inline void AppendToBuffer(nffile_t *nffile, void *record, size_t require
 
 static inline void CopyV6IP(uint32_t *dst, uint32_t *src);
 
-static inline void ConvertCommonV0(void *record, common_record_t *flow_record);
+static inline int ConvertCommonV0(void *record, common_record_t *flow_record);
 
 static inline void ExpandRecord_v2(common_record_t *input_record, extension_info_t *extension_info, exporter_info_record_t *exporter_info, master_record_t *output_record );
 
@@ -88,11 +88,13 @@ static inline void CopyV6IP(uint32_t *dst, uint32_t *src) {
 	dst[3] = src[3];
 } // End of CopyV6IP
 
-static inline void ConvertCommonV0(void *record, common_record_t *flow_record) {
+static inline int ConvertCommonV0(void *record, common_record_t *flow_record) {
 common_record_v0_t *flow_record_v0 = (common_record_v0_t *)record;
 
 	// copy v0 common record
 	memcpy((void *)flow_record, record, COMMON_RECORDV0_DATA_SIZE);
+	if ( flow_record_v0->size <= COMMON_RECORDV0_DATA_SIZE ) 
+		return 0;
 	memcpy((void *)flow_record->data, (void *)flow_record_v0->data, flow_record_v0->size - COMMON_RECORDV0_DATA_SIZE);
 
 	// fix record differences
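Review bot: The second memcpy in ConvertCommonV0 still has no upper bound after the added guard `if ( flow_record_v0->size <= COMMON_RECORDV0_DATA_SIZE )`, which only stops the length subtraction from wrapping. `flow_record_v0->size` is read from the data file, and the function receives neither the capacity behind `flow_record` nor the number of bytes left in the source record. The caller in bin/nfdump.c would therefore have to compare the record size against the remaining block data and the size of ConvertBuffer before the call; neither size is visible in this patch, so confirm that it does. The guard also sits after the first memcpy, and moving it above `memcpy((void *)flow_record, record, COMMON_RECORDV0_DATA_SIZE);` would leave the output buffer untouched when a record is rejected. The body of ConvertCommonV0 continues past this hunk.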
@@ -102,6 +104,7 @@ common_record_v0_t *flow_record_v0 = (common_record_v0_t *)record;
 	flow_record->exporter_sysid = flow_record_v0->exporter_sysid;
 	flow_record->reserved 		= 0;
 
+	return 1;
 } // End of ConvertCommonV0
 
 /*
diff --git a/bin/nfx.c b/bin/nfx.c
index fa84afe..ceea74e 100755
--- a/bin/nfx.c
+++ b/bin/nfx.c
@@ -542,6 +542,7 @@ int i, extension_size, max_elements;
 		int id = map->ex_id[i];
 		if ( id > Max_num_extensions ) {
 			printf("PANIC! - Verify map id %i: ERROR: element id %i out of range [%i]!\n", map->map_id, id, Max_num_extensions);
+			exit(255);
 		}
 		extension_size += extension_descriptor[id].size;
 		i++;
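Review bot: The range check guarding `extension_descriptor[id]` may still admit two out-of-range indexes: `id == Max_num_extensions`, if the table has no entry at that index, and a negative `id`, if `map->ex_id[]` is a signed type. Neither declaration is visible in this hunk, so confirm both; if either applies, the condition would read `if ( id < 0 || id >= Max_num_extensions ) {`. The PANIC message is also written with printf, while the bin/nfdump.c change in this patch reports corrupt input through LogError, and using the same call here would keep the failure in the log next to the other decode errors. The enclosing function starts and ends outside the hunk.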