Capture parser hardening and ASN.1 OID fix #3914

Merged: awick merged 1 commit into main from opus-improvements-30 on Apr 27, 2026
@awick awick commented Apr 27, 2026 (Contributor)

  • parsers.c: fix ASN.1 OID first-arc decoding per X.690 (e.g. LLDP OIDs now show as 1.0.8802... not 40.8802...)
  • bgp: validate length field, unregister on bad
  • diameter: check BSB error after AVP padding skip
  • dnp3 udp: verify computed total frame length fits datagram
  • ldap: handle arkime_parser_buf_add truncation
  • m2ua/m3ua: validate msgLen and limit param BSB
  • pana: validate msgLen and limit AVP BSB
  • postgresql: classifier decodes full 4-byte plen
  • ptp: validate messageLength in classifier and parser
  • radius: classifier requires len >= 20
  • socks5: drop artificial len <= 5 cap on greeting
  • synchrophasor: unregister tcp on oversize frame; validate udp frameSize
  • tftp: require both filename and mode NULs per RFC 1350
  • pcap-over-IP: free client on unknown magic, fix %xs format typo
  • reader-scheme: validate pcapng EPB block size, require olen >= 1 for if_tsresol
  • daq: pass non-NULL user pointer to thread queue
  • lua/session: use int/lua_tointeger for offset
  • writer-s3: bump partNumbers[] to 10001, clamp completion loop
  • tests: update SNMPv2c expected OIDs; extend PTP Announce in arkime_synthetic to satisfy msgLen

License

I confirm that this contribution is made under an Apache 2.0 license and that I have the authority necessary to make this contribution on behalf of its copyright owner.

- parsers.c: fix ASN.1 OID first-arc decoding per X.690 (e.g. LLDP OIDs now show as 1.0.8802... not 40.8802...)
- bgp: validate length field, unregister on bad
- diameter: check BSB error after AVP padding skip
- dnp3 udp: verify computed total frame length fits datagram
- ldap: handle arkime_parser_buf_add truncation
- m2ua/m3ua: validate msgLen and limit param BSB
- pana: validate msgLen and limit AVP BSB
- postgresql: classifier decodes full 4-byte plen
- ptp: validate messageLength in classifier and parser
- radius: classifier requires len >= 20
- socks5: drop artificial len <= 5 cap on greeting
- synchrophasor: unregister tcp on oversize frame; validate udp frameSize
- tftp: require both filename and mode NULs per RFC 1350
- pcap-over-IP: free client on unknown magic, fix %xs format typo
- reader-scheme: validate pcapng EPB block size, require olen >= 1 for if_tsresol
- daq: pass non-NULL user pointer to thread queue
- lua/session: use int/lua_tointeger for offset
- writer-s3: bump partNumbers[] to 10001, clamp completion loop
- tests: update SNMPv2c expected OIDs; extend PTP Announce in arkime_synthetic to satisfy msgLen

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@awick awick merged commit ed2afb5 into main Apr 27, 2026
24 of 28 checks passed
@awick awick deleted the opus-improvements-30 branch April 27, 2026 12:21
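
The first item in the description concerns the X.690 rule that an OID's first subidentifier packs the first two arcs as 40*X + Y, so the content octet 0x28 (decimal 40) is the pair 1.0 rather than a single arc 40. The following is an added example, not code from this pull request or from Arkime; `oid_to_string` and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: oid_to_string() is a hypothetical helper, not an Arkime function.
 * Decodes OID content octets (tag and length already stripped) to dotted text.
 * Returns 0 on success, -1 on malformed input or when out is too small. */
int oid_to_string(const uint8_t *p, size_t len, char *out, size_t outlen)
{
    size_t used = 0;
    int first = 1;

    if (len == 0 || outlen == 0)
        return -1;
    while (len > 0) {
        uint32_t v = 0;
        int more, n;
        if (*p == 0x80)
            return -1;                 /* non-minimal subidentifier */
        do {                           /* base-128, high bit = "more octets" */
            if (len == 0 || v > (UINT32_MAX >> 7))
                return -1;             /* truncated, or arc exceeds 32 bits */
            more = *p & 0x80;
            v = (v << 7) | (*p & 0x7f);
            p++, len--;
        } while (more);
        if (first) {
            /* First subidentifier is 40*X + Y; X is 0, 1 or 2, and only
             * X == 2 may carry Y >= 40, so any value >= 80 means X == 2. */
            unsigned x = v < 80 ? v / 40 : 2;
            n = snprintf(out + used, outlen - used, "%u.%u", x, (unsigned)(v - 40 * x));
            first = 0;
        } else {
            n = snprintf(out + used, outlen - used, ".%u", (unsigned)v);
        }
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;                 /* output would be truncated */
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: content octets of 1.0.8802.1.1.2 */
    const uint8_t lldp[] = { 0x28, 0xC4, 0x62, 0x01, 0x01, 0x02 };
    char buf[64];
    if (oid_to_string(lldp, sizeof lldp, buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```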