diff --git a/Packet++/src/BgpLayer.cpp b/Packet++/src/BgpLayer.cpp
index b32ab8d01..993d6edb7 100644
--- a/Packet++/src/BgpLayer.cpp
+++ b/Packet++/src/BgpLayer.cpp
@@ -744,9 +744,21 @@ namespace pcpp
 
 if (newNlriDataLen > curNlriDataLen)
 {
+
+ // offsetInLayer, numOfBytesToExtend
+ // int indexToInsertData = layer->m_Data + offsetInLayer - m_RawPacket->getRawData();
+ auto bytesToExtend = newNlriDataLen - curNlriDataLen;
+ if(m_Data != nullptr
+ && m_Packet != nullptr
+ && static_cast(m_Packet->getRawPacket()->getRawDataLen()) + bytesToExtend < static_cast(m_Packet->getRawPacket()->getRawDataLen()) )
+ {
+ PCPP_LOG_ERROR("Failed to extend BGP update layer, the new data length exceeds the raw packet's data length");
+ return false;
+ }
+
 bool res = extendLayer(sizeof(bgp_common_header) + 2 * sizeof(uint16_t) + curWithdrawnRoutesDataLen +
- curPathAttributesDataLen,
- newNlriDataLen - curNlriDataLen);
+ curPathAttributesDataLen,
+ bytesToExtend);
 if (!res)
 {
 PCPP_LOG_ERROR("Couldn't extend BGP update layer to include the additional NLRI data");
diff --git a/Packet++/src/RawPacket.cpp b/Packet++/src/RawPacket.cpp
index 08022885c..2eca8a547 100644
--- a/Packet++/src/RawPacket.cpp
+++ b/Packet++/src/RawPacket.cpp
@@ -114,6 +114,13 @@ namespace pcpp
 
 void RawPacket::insertData(int atIndex, const uint8_t* dataToInsert, size_t dataToInsertLen)
 {
+ // Check for overflow in the new length
+ if (static_cast(m_RawDataLen) + dataToInsertLen < static_cast(m_RawDataLen))
+ {
+ throw std::length_error(
+ "RawPacket::insertData: dataToInsertLen causes overflow in the new length calculation");
+ }
+
 // memmove copies data as if there was an intermediate buffer in between - so it allows for copying processes on
 // overlapping src/dest ptrs if insertData is called with atIndex == m_RawDataLen, then no data is being moved.
 // The data of the raw packet is still extended by dataToInsertLen
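Review bot: In Packet++/src/BgpLayer.cpp the added guard `static_cast(len) + bytesToExtend < static_cast(len)` only fires when the sum wraps in the cast's own type, so it does not bound the new length by what the raw packet can actually store. The cast's target type is not legible on this page; if it is `size_t` while the raw length is kept as an `int` (the `int atIndex` parameter of `RawPacket::insertData` hints at that), an NLRI extension can push the stored length past `INT_MAX` without tripping the check. Comparing against the storage type's limit is tighter, e.g. `if (bytesToExtend > static_cast<size_t>(std::numeric_limits<int>::max()) - static_cast<size_t>(rawLen))`, and the same applies to the identical test added in `RawPacket::insertData` in the second file. The log text would then read better as "would overflow the raw packet length" than "exceeds the raw packet's data length", and the two commented-out lines above `auto bytesToExtend` look like leftover working notes to delete. The enclosing function begins and ends outside this hunk.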
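Review bot: In Packet++/src/RawPacket.cpp the new `throw std::length_error` makes `insertData`, a `void` function, a throwing one, and nothing visible documents that or shows callers handling it. The BgpLayer change pre-checks and returns `false`, but any other path that reaches this function (presumably the generic layer-extension code) is not shown and would now get an exception where it used to get an error return. A `/// @throws std::length_error if the new length would overflow` line on the declaration, plus a check that `<stdexcept>` is included, would cover the contract. The visible lines also do not validate `atIndex` against the current length before the `memmove` the comment describes; the body continues outside the hunk, so confirm that range check exists there.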