From 4d731800bf93d744d8cd669cc3e78227566ada62 Mon Sep 17 00:00:00 2001
From: yangwei
Date: Fri, 28 Jul 2023 23:24:57 +0800
Subject: 🐞 fix(parse_quic_uncryption_payload): 增加长度判断,修复长度异常时造成的内存非法读
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
附test/pcap/quic_len-2.pcapng为解析长度异常的包
---
 src/quic_process.cpp | 6 +++++-
 test/pcap/quic_len_-2.pcapng | Bin 0 -> 436 bytes
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 test/pcap/quic_len_-2.pcapng
diff --git a/src/quic_process.cpp b/src/quic_process.cpp
index fe86a46..4b677c6 100644
--- a/src/quic_process.cpp
+++ b/src/quic_process.cpp
@@ -778,7 +778,11 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
 if(quic_version>=GQUIC_VERSION_Q001 && quic_version<=GQUIC_VERSION_Q048)
 {
- return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+ if(payload_len > payload_offset)
+ {
+ return parse_quic_uncryption_payload(quic_info, payload+payload_offset, payload_len-payload_offset, thread_seq);
+ }
+ return PARSE_RESULT_VERSION;
 }
 else if(((quic_version>=MVFST_VERSION_00 && quic_version<=MVFST_VERSION_0F) ||
 (quic_version>=GQUIC_VERSION_Q049 && quic_version<=GQUIC_VERSION_Q059) ||
diff --git a/test/pcap/quic_len_-2.pcapng b/test/pcap/quic_len_-2.pcapng
new file mode 100644
index 0000000..44f3965
Binary files /dev/null and b/test/pcap/quic_len_-2.pcapng differ
--
cgit v1.2.3
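Review bot: The new `payload_len > payload_offset` guard protects only the GQUIC Q001–Q048 branch, while the `else if` chain for MVFST and Q049–Q059 that follows (its body is outside the hunk) presumably hands the same `payload+payload_offset` / `payload_len-payload_offset` pair to a payload parser, so if those branches lack an equivalent bound the over-read this commit fixes is likely still reachable through them. Hoisting the check in front of the whole version dispatch, `if(payload_len <= payload_offset) return PARSE_RESULT_VERSION;`, would cover every branch with a single test and drop the extra nesting added here. The types of payload_len and payload_offset are not visible in the hunk (the @@ function context is truncated), and the fixture name suggests a negative length is the failing case, so the comparison only rejects it if both operands are signed or the promotion goes the intended way; a comment such as `// NOTE(review): assumes payload_len and payload_offset have the same signedness, so a negative payload_len fails this check — confirm` would make that dependency explicit. Returning PARSE_RESULT_VERSION for a truncated packet conflates "unsupported version" with "malformed input"; if the result enum has a malformed or truncated value it is the better choice, and either way the chosen value deserves a one-line comment. parse_quic_all_version starts and ends outside the hunk, and the description names the fixture quic_len-2.pcapng while the file added is quic_len_-2.pcapng.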