QUIC sniffer: Fix potential slice panic (#3406)

* QUIC sniffer: Fix potential slice panic * Fix type err * Update sniff.go * Add test and fix more * Refine
2025-06-26 21:29:58 +00:00 · 2025-05-18 03:53:29 +08:00 · 2025-05-18 03:53:29 +08:00 · 1f2d76c066
commit 1f2d76c066
parent 28f558601f
2 changed files with 22 additions and 0 deletions
--- a/common/protocol/quic/sniff.go
+++ b/common/protocol/quic/sniff.go
@ -116,6 +116,10 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {
 		if err != nil {
 			return nil, errNotQuic
 		}
+		// packet is impossible to shorter than this
+		if packetLen < 4 {
+			return nil, errNotQuic
+		}

 		hdrLen := len(b) - int(buffer.Len())
 		if len(b) < hdrLen+int(packetLen) {
--- a/common/protocol/quic/sniff_test.go
+++ b/common/protocol/quic/sniff_test.go
@ -239,3 +239,21 @@ func TestSniffQUICComplex(t *testing.T) {
 		})
 	}
 }
+
+func TestSniffFakeQUICPacketWithInvalidPacketNumberLength(t *testing.T) {
+	pkt, err := hex.DecodeString("cb00000001081c8c6d5aeb53d54400000090709b8600000000000000000000000000000000")
+	common.Must(err)
+	_, err = quic.SniffQUIC(pkt)
+	if err == nil {
+		t.Error("failed")
+	}
+}
+
+func TestSniffFakeQUICPacketWithTooShortData(t *testing.T) {
+	pkt, err := hex.DecodeString("cb00000001081c8c6d5aeb53d54400000090709b86")
+	common.Must(err)
+	_, err = quic.SniffQUIC(pkt)
+	if err == nil {
+		t.Error("failed")
+	}
+}