-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with Data Length unmarshalling #92
Labels
Comments
Same issue here. |
I'm having the same issue. The length of the PDU is not the real one. |
Thank-you for the bug report and comments. I've been swamped with other projects. Would anyone be interested in submitting a pull request that resolve this? I'd be happy to review and merge it. |
I could add some basic protection against this, just an extra check. |
This is my proposal (src/dis6/Pdu.cpp, line 111): void Pdu::unmarshal(DataStream& dataStream)
{
dataStream >> _protocolVersion;
dataStream >> _exerciseID;
dataStream >> _pduType;
dataStream >> _protocolFamily;
dataStream >> _timestamp;
dataStream >> _length;
dataStream >> _padding;
if (dataStream.size() != _length) // added lines
{
throw std::runtime_error("error size");
}
} Regards. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is an issue related with the unmarshal function in incomingMessage if the dis packet is malformed.
Application crashes with some udp packets with malformed lenght field.
In concrete it seems that occurs if the lenght is greater than expected at this location:
After this code execution, the exectution continues in the final class (i.e. EntityStatePdu::unmarshall) and the application crashes. I think It is because the malformed length, as it seems to be used en EntityStatePdu...
This is an example of a udp packet causing a crash: 0x020001020000001d2500167374642d7363616e....
The text was updated successfully, but these errors were encountered: