ShuriZma
/
pcsx2
mirror of https://github.com/PCSX2/pcsx2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DEV9: Prevent out of bounds reads in ICMP fix

This commit is contained in:
TheLastRar 2024-12-03 22:28:12 +00:00 committed by Ty
parent 0a44e20c34
commit 00f4cd5252
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pcsx2/DEV9/Sessions/ICMP_Session/ICMP_Session.cpp
View File

@ -785,11 +785,28 @@ namespace Sessions
Console.Error("DEV9: ICMP: Malformed ICMP Packet");
int off = 1;
while ((icmpPayload->data[off] & 0xF0) != (4 << 4))
{
off += 1;
// Require space for the IP Header and source/dest port of a UDP/TCP packet
// We don't generate packets with IP options, so IP header is always 20 bytes
if (icmpPayload->GetLength() - off - 24 < 0)
{
off = -1;
break;
}
}
if (off == -1)
{
Console.Error("DEV9: ICMP: Unable To Recover Data");
Console.Error("DEV9: ICMP: Failed To Reset Rejected Connection");
break;
}
Console.Error("DEV9: ICMP: Payload delayed %d bytes", off);
retPkt = std::make_unique<IP_Packet>(&icmpPayload->data[off], icmpPayload->GetLength(), true);
retPkt = std::make_unique<IP_Packet>(&icmpPayload->data[off], icmpPayload->GetLength() - off, true);
}
const IP_Address srvIP = retPkt->sourceIP;