Skip to content

Fix heap-buffer-overflow in ModbusLayer on truncated packets#2159

Open
SAY-5 wants to merge 1 commit into
seladb:devfrom
SAY-5:say5-modbus-oob
Open

Fix heap-buffer-overflow in ModbusLayer on truncated packets#2159
SAY-5 wants to merge 1 commit into
seladb:devfrom
SAY-5:say5-modbus-oob

Conversation

@SAY-5

@SAY-5 SAY-5 commented Jun 2, 2026

Copy link
Copy Markdown

Fixes #2155

A TCP packet to port 502 with fewer than 8 payload bytes was still parsed as a ModbusLayer, so the header getters (getTransactionId, getLength, toString, etc.) read past the end of the buffer. This adds a ModbusLayer::isDataValid check on the payload length before constructing the layer, matching how GtpV2Layer and BgpLayer guard their parsing. Added a regression test with a truncated Modbus packet that fails without the guard.

@SAY-5
Fix heap-buffer-overflow in ModbusLayer on truncated packets
93f4f41 
Signed-off-by: Sai Asish Y <say.apm35@gmail.com>
@SAY-5 SAY-5 requested a review from seladb as a code owner June 2, 2026 20:40
Dimi1010
Dimi1010 approved these changes Jun 6, 2026
View reviewed changes

@Dimi1010 Dimi1010 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@codecov

codecov Bot commented Jun 6, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.72%. Comparing base (6ba29cf) to head (93f4f41).

Additional details and impacted files 
@@           Coverage Diff            @@
##              dev    #2159    +/-   ##
========================================
  Coverage   82.72%   82.72%            
========================================
  Files         332      332            
  Lines       59807    59811     +4     
  Branches    12591    12298   -293     
========================================
+ Hits        49475    49480     +5     
- Misses       8947     8979    +32     
+ Partials     1385     1352    -33
Flag Coverage Δ
23.11.6 7.27% <0.00%> (-0.01%) ⬇️
24.11.5 7.30% <0.00%> (-0.01%) ⬇️
25.11.1 7.32% <0.00%> (-0.01%) ⬇️
alpine320 76.86% <100.00%> (+<0.01%) ⬆️
fedora42 76.46% <100.00%> (+0.02%) ⬆️
macos-14 82.25% <88.88%> (-0.02%) ⬇️
macos-15 82.26% <88.88%> (+<0.01%) ⬆️
mingw32 71.13% <100.00%> (+0.01%) ⬆️
mingw64 71.10% <100.00%> (+0.08%) ⬆️
npcap ?
rhel94 76.25% <100.00%> (+<0.01%) ⬆️
ubuntu2204 76.26% <100.00%> (-0.01%) ⬇️
ubuntu2204-icpx 59.37% <66.66%> (-0.03%) ⬇️
ubuntu2404 76.58% <100.00%> (+0.01%) ⬆️
ubuntu2404-arm64 76.57% <100.00%> (+<0.01%) ⬆️
ubuntu2604 76.50% <100.00%> (-0.01%) ⬇️
unittest 82.72% <100.00%> (+<0.01%) ⬆️
windows-2022 85.80% <100.00%> (+0.11%) ⬆️
windows-2025 85.83% <100.00%> (+0.12%) ⬆️
winpcap 85.83% <100.00%> (-0.07%) ⬇️
xdp 53.15% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dimi1010 Dimi1010 Dimi1010 approved these changes

@seladb seladb Awaiting requested review from seladb seladb is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SAY-5 @Dimi1010