forked from seladb/PcapPlusPlus
Fix vuln OSV-2024-947 #18
Open: oss-patch wants to merge 39 commits into dev from patch-OSV-2024-947
* Replaced MacAddress internal C-array with std::array.
* Lint
* Added <cstring> header to all places where removing <cstring> from MacAddress broke memset.
* Moved <cstring> include from cpp to header.
* Added <cstring> to PTF header as it uses memcmp in macros.

* Pulled ostream operators for IPAddress and MacAddress into the namespace to satisfy ADL requirements.
* Refactor of Logger.
  - LogLevel is now a top level enum class.
  - Added a new log level Off to disable output from a specific module.
  - Logger::LogLevel is a deprecated alias to LogLevel.
  - Logger::Info, Debug, Error are deprecated aliases to LogLevel::...
  - Removed public "internal*" functions from Logger.Logger
  - Added LogSource struct to encapsulate source information.
  - Added shouldLog method to check if a log should be emitted for a given level and module.
  - Removed nonfunctional artifacts "m_LogStream" and "Logger::operator<<"
  - Added templated "log" functions that are friends to Logger.
  - Reworked PCPP_LOG macros to no longer utilize the now removed internal functions.
  - Added PCPP_LOG_INFO macro level.
  - Changed PCPP_LOG_ERROR to now check if the log should be emitted.
  - Fixed NetworkUtils log module name overlapping with NetworkUtils class.
  - Fixed missing enum value for PacketLogModuleSll2Layer.
* Cleanup and fixes.
* Added the new Off log level to the string conversion.
* Fixed wrong variable name.
* Added documentation to log source.
* Lint.
* Fixed docstring for LogSource.
* Fixed extra /
* Fixed explicit warning.
* Moved log functions inside logger.
* Revert "Moved log functions inside logger." This reverts commit be95ab8.
* Moved the log functions to the Logger class.
  - Added optional compile time elimination of log calls below set level.
* Fixed typo in macro names.
* Changed value param to const-ref.
* Added "venv" and "./out" to ignored directories by codespell.
* Reverted to previous optimizations to keep executable binary size low.
  - Renamed printLogMessage to emit and changed visibility to public.
  - Added new class LogContext to encapsulate a single emittable log message.
  - Added new methods createLogContext which is practically a rework of internalCreateLogStream but returns a LogContext.
  - Added optional use of object pooling optimization for reusing log contexts. (Enabled via preprocessor flag PCPP_LOG_USE_OBJECT_POOL)
* Fixed warnings about unreferenced local variables if the compile time minimum log level set to too high severity.
* Removed useless variable.
* Fixed friend class definition.
* Fixed variable assignment.
* Added method useContextPooling to control if the logger should use context pooling.
  - Removed preprocessor variable PCPP_LOG_USE_OBJECT_POOL.
  - Disabled context pooling for the unit tests as it interferes with the memory leak checker.
* Fixed more warnings about unreferenced local variables if the compile time minimum log level set to too high severity.
* Addressed warnings and documentation.
  - Added documentation to new methods and classes.
  - Addressed explicit constructor warnings.
  - Moved disable of context pooling for unit tests to the main.cpp files of the respective tests.
* Fixed include.
* Fixed pointer dereference.
* Fixed memory checker issues with logger.
  - Added 2 preallocated log contexts to the object pool.
* Lint
* Added mutex lock on the default log printer to support proper multi-threading and eliminate possibility of data races during log emission.
* Fixed typos in documentation.
* Changed level variable to private.
* Changed LogPrinter definition to use the metaprogramming construct std::add_pointer.
* Replaced C library includes with C++ equivalents.
* Updated documentation format.
* Added full namespace qualifier for macro code.
* Changed C-array to std::array.
* Added a mutex lock when writing or reading to last error string to prevent tearing.
* Fixed object pool member variables.
* Added mutators to change the max size of an object pool at runtime.
* Added exception if pool preallocation size is larger than the maximum allowed pool size.
* Added tests for ObjectPool<T>.
  - Changed infinite pool size to be maximum value of size_t instead of 0, to fix an issue if max size is set to 0.
  - Added size getter to the pool.
  - Marked the pool mutex as mutable.
* Lint
* Added option to set the max pool size for the Logger context pool.
* Disabled logger context pooling in the tests as it is detected as a false positive memory leak.
* Lint
* Lint
* Updated logger tests.
  - Changed `pcpp::Logger::getInstance()` to use a cached `logger` variable.
  - Removed the need for fully qualified names in the logger test.
  - C-style casts to Cpp casts.
* Added tests for `shouldLog`.
* Moved iostream and iomanip to Logger.cpp as they are unnecessary in the header.
* Lint
* Added iostream to examples that depended on transitively including iostream from Logger.h
* Added <iomanip> to examples that depended on transitively including from Logger.h
* Moved ObjectPool to internal namespace.
* Renamed ObjectPool to DynamicObjectPool.
* Renamed preallocate ctor parameter to initialSize.
* Removed unused logging functions.
* Fixed missed include <cstring>.

* Auto pre-commit update
* Update .pre-commit-config.yaml
---------
Co-authored-by: GitHub <[email protected]>
Co-authored-by: Liu, An-Chi <[email protected]>

…eladb#1659)
* Converted some files to triple slash docs.
* Converted more files.
* Converted more files.
* more conversions...
* Converted more files
* Converted more files.
* converted files
* converted more files.
* Reformatted SSH layer. PS: Formatting ASCII drawings is annoying.
* Converted SSL layer files. PS: Formatting ASCII Drawings.
* Attempt at suppressing multi-line comment warning due to backslashes in ASCII drawings.
* Converted Stplayer.
* Converted remaining files.
* Wrapped diagrams in ASCII borders to avoid the multi-line comment compiler errors.
* Wrapped more diagrams that triggered the multi-line error. The error is triggered by having a \ as the last character before a new-line.
* Reformatted /** */ style comments to /// and // comments.
* Added empty lines around verbatim blocks to attempt to fix doxygen error.
* Replaced verbatim blocks with @code{.unparsed} as per this workaround. https://web.archive.org/web/20240724083629/https://technicalwriting.dev/src/verbatim-wrangling.html
* Lint
* Removed borders and instances of \ at the end of the line

* Fix vuln crash-7d18f37e1f05e0ff4aa4dfa2f67dd738340ad9cf
* Move the heap overflow check before the allocation
* Terminating immediately when overflow is found
* Fix typo err
---------
Co-authored-by: dataisland <[email protected]>

…ladb#1704)
* Bump the pip-dependencies group across 1 directory with 2 updates

Bumps the pip-dependencies group with 2 updates in the /Tests/ExamplesTest directory: [attrs](https://github.com/sponsors/hynek) and [pyparsing](https://github.com/pyparsing/pyparsing).

Updates `attrs` from 24.3.0 to 25.1.0
- [Commits](https://github.com/sponsors/hynek/commits)

Updates `pyparsing` from 3.1.4 to 3.2.1
- [Release notes](https://github.com/pyparsing/pyparsing/releases)
- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES)
- [Commits](pyparsing/pyparsing@3.1.4...3.2.1)

---
updated-dependencies:
- dependency-name: attrs
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: pyparsing
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update Tests/ExamplesTest/requirements.txt
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Liu, An-Chi <[email protected]>

Co-authored-by: GitHub <[email protected]>
Co-authored-by: GitHub <[email protected]>
Ensure that the destructor and assignment operator correctly handle the deletion of raw data based on the m_DeleteRawDataAtDestructor flag by using the updated clear() method. Update comments to reflect these changes. Co-authored-by: seladb <[email protected]>
These are all in _MSC_VER which is Windows-only, but let them be lower for consistency. Co-authored-by: seladb <[email protected]>
As per discussion in seladb#1694, remove SSL 2 for now. SSL 2 is not actually implemented, and the version code point is wrong anyway.

SSL 2 uses a version field of 0x0002, not 0x0200. This is confirmed not only in the original Netscape spec [1] and RFC draft of the time [2], but also in major implementations such as OpenSSL [3] and Wireshark [4].

More importantly, SSL 2 has a different record format, without version field, that is used for both SSL 2 proper, and SSL 2 compatible SSL 3 / TLS. For Packet++ to see a SSL 2 version field on the wire, it would first have to support the SSL 2 record format, and at least one of SSL 2 handshake messages, or SSL 2 compatible SSL 3 or later handshakes.

[1] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
[2] https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00
[3] https://github.com/openssl/openssl/blob/OpenSSL_0_9_6m/ssl/ssl2.h#L66-L71
[4] https://github.com/wireshark/wireshark/blob/release-4.4/epan/dissectors/packet-tls-utils.h#L266-L277

Co-authored-by: seladb <[email protected]>

…eladb#1728)
- Changed PcapPlusPlus_INCLUDE_DIRS to PcapPlusPlus_INCLUDE_DIR in comments to match actual variable name
- Removed PcapPlusPlus_LIBRARIES reference from comments to align with target-based CMake practices

Co-authored-by: Ege Çetin <[email protected]>

* Exported set thread affinity code to a helper function.
* Error logs fixup.
* Reordered exception handling order so an exception in the logging infrastructure does not prevent shutdown of the initializing threads.

* Adds cmake variable PCAPPP_LOG_LEVEL to determine compile time log level through cmake.
* Added checks for log level input.
* Lint?

seladb#1730)
* Bump the actions-dependencies group across 1 directory with 11 updates

Bumps the actions-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.3.0` | `5.4.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.8` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.0.7` | `5.4.0` |
| [msys2/setup-msys2](https://github.com/msys2/setup-msys2) | `2.25.0` | `2.27.0` |
| [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm) | `1.1.5` | `1.1.9` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.27.5` | `3.28.11` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.4.4` | `2.2.3` |
| [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.14.0` | `1.16.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `4.1.9` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` |

Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@0b93645...4237552)

Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.8
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@5e91468...271a8d0)

Updates `codecov/codecov-action` from 5.0.7 to 5.4.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@015f24e...0565863)

Updates `msys2/setup-msys2` from 2.25.0 to 2.27.0
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](msys2/setup-msys2@c52d1fa...61f9e5e)

Updates `vmactions/freebsd-vm` from 1.1.5 to 1.1.9
- [Release notes](https://github.com/vmactions/freebsd-vm/releases)
- [Commits](vmactions/freebsd-vm@debf37c...8873d98)

Updates `actions/upload-artifact` from 4.4.3 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b4b15b8...4cec3d8)

Updates `github/codeql-action` from 3.27.5 to 3.28.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f09c1c0...6bb031a)

Updates `actions/attest-build-provenance` from 1.4.4 to 2.2.3
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@ef24412...c074443)

Updates `ncipollo/release-action` from 1.14.0 to 1.16.0
- [Release notes](https://github.com/ncipollo/release-action/releases)
- [Commits](ncipollo/release-action@2c591bc...440c8c1)

Updates `actions/download-artifact` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@fa0a91b...cc20338)

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@62b2cac...f49aabe)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: msys2/setup-msys2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: vmactions/freebsd-vm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: ncipollo/release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-dependencies
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>

* Try updating Google Benchmark to 1.9.1
* Disable Google Benchmark for MinGW
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ege Çetin <[email protected]>
Co-authored-by: seladb <[email protected]>

* Changed m_CoreConfiguration to std::array.
* Changed `clearCoreConfiguration` to for-each loop. Changed `getCOresInUseCount` to use `std::count_if`.
* Added change to `constexpr` todo to `MAX_NUM_OF_CORES`.

* Fixed reentrant mode allocated buffer going out of scope.
* Lint

* Pin cppcheck version
* Fix path
* Update cppcheck to 2.17.1
* Suppress cppcheck error
* Remove cppcheck source after installation
* Fix cppcheck issues
* Fix cppcheck issues
* Fix cppcheck issues
* Fix cppcheck issues
* Suppress `normalCheckLevelMaxBranches`
* Remove `--language=c++` param
* Rollback to 2.7
* Rollback to 2.7
* Try cppcheck 2.9
* Update CONTRIBUTING.md

…declaration order of PcapFileDevice.h (seladb#1745)
* Made m_StopThread flag atomic to prevent tearing. Encapsulated StartupBlock code for notify/wait into member functions.
* Fixed type returns.
* Lint

No description provided.