RTPS DataPacketField wrong payload len. #4594

Open
Splinter1984 opened this issue Nov 19, 2024 · 0 comments · May be fixed by #4545


Brief description

In the RTPS protocol, the DataPacketField calculation of payload length assumes that inlineQos has no data, which leads to a wrong payload length and, as a result, incorrect packet interpretation.
The following PR resolves the issue:

Scapy version

6f0faf3

Python version

3.10.12

Operating system

Ubuntu 20.04

Additional environment information

No response

How to reproduce

The following test case is able to reproduce the issue.

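from scapy.contrib.rtps import *  # RTPS layers used below

# Expected dissection of the raw bytes in d: two INFO_TS + DATA pairs,
# each DATA submessage carrying a non-empty inlineQoS.
p0 = RTPS(
      protocolVersion=ProtocolVersionPacket(major=2, minor=2),
      vendorId=VendorIdPacket(vendor_id=0x010f),
      guidPrefix=GUIDPrefixPacket(
        hostId=0x010f45d2, appId=0xb3f558b9, instanceId=0x01000000
      ), magic=b"RTPS"
    )/RTPSMessage(submessages=[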
    RTPSSubMessage_INFO_TS(
      submessageId=9,
      submessageFlags=1,
      octetsToNextHeader=8,
      ts_seconds=1638425814,
      ts_fraction=2083784982,
    ), 
    RTPSSubMessage_DATA(
      submessageId= 0x15,
      submessageFlags= 0x7,
      octetsToNextHeader= 54,
      extraFlags= 0x0,
      octetsToInlineQoS= 16,
      readerEntityIdKey= 0x0,
      readerEntityIdKind= 0x0,
      writerEntityIdKey= 0x0,
      writerEntityIdKind= 0x0,
      writerSeqNumHi= 0,
      writerSeqNumLow= 4,
      inlineQoS= InlineQoSPacket(
        parameters= [
          PID_UNKNOWN(
            parameterId= 0x801e,
            parameterLength= 4,
            parameterData= b'\x00\x00\x00\x00',
          ),
        ],
        sentinel= PID_SENTINEL(
          parameterId= 0x1,
          parameterLength= 0,
          parameterData= b'',
        ),
      ),
      data= DataPacket(
        encapsulationKind= 0x1,
        encapsulationOptions= 0x3,
        serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00',
      ),
    ),
    RTPSSubMessage_INFO_TS(
      submessageId=9,
      submessageFlags=1,
      octetsToNextHeader=8,
      ts_seconds=1638425814,
      ts_fraction=2083784982,
    ), 
    RTPSSubMessage_DATA(
      submessageId= 0x15,
      submessageFlags= 0x7,
      octetsToNextHeader= 54,
      extraFlags= 0x0,
      octetsToInlineQoS= 16,
      readerEntityIdKey= 0x0,
      readerEntityIdKind= 0x0,
      writerEntityIdKey= 0x0,
      writerEntityIdKind= 0x0,
      writerSeqNumHi= 0,
      writerSeqNumLow= 4,
      inlineQoS= InlineQoSPacket(
        parameters= [
          PID_UNKNOWN(
            parameterId= 0x801e,
            parameterLength= 4,
            parameterData= b'\x00\x00\x00\x00',
          ),
        ],
        sentinel= PID_SENTINEL(
          parameterId= 0x1,
          parameterLength= 0,
          parameterData= b'',
        ),
      ),
      data= DataPacket(
        encapsulationKind= 0x1,
        encapsulationOptions= 0x3,
        serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00',
      ),
    ),
])

d = b"\x52\x54\x50\x53\x02\x02\x01\x0f\x01\x0f\x45\xd2\xb3\xf5\x58\xb9" \
    b"\x01\x00\x00\x00\x09\x01\x08\x00\xd6\x64\xa8\x61\x16\x09\x34\x7c" \
    b"\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
    b"\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80\x04\x00\x00\x00\x00\x00" \
    b"\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00\x00\x00\x61\x62\x63\x64" \
    b"\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00\x09\x01\x08\x00\xd6\x64" \
    b"\xa8\x61\x16\x09\x34\x7c\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00" \
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80" \
    b"\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00" \
    b"\x00\x00\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00"

# Dissecting the raw bytes must yield the packet built above.
assert RTPS(d) == p0

Actual result

No response

Expected result

No response

Related resources

No response

@Splinter1984 Splinter1984 linked a pull request Nov 19, 2024 that will close this issue
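
As an added example (not part of the issue and not Scapy's code): a stand-alone parser that computes the serialized payload length of the first DATA submessage from the byte string above in two ways, once treating inlineQoS as empty and once walking the parameter list to the sentinel. The function names are hypothetical, and the layout assumes the standard RTPS DATA submessage with flag bits E=0x01 and Q=0x02.

```python
import struct

# Constructed sample: the first DATA submessage from the issue's byte string d
# (flags 0x07), followed by the 12-byte INFO_TS submessage that comes after it.
SAMPLE = bytes.fromhex(
    "15073600" "0000" "1000" "00000000" "00000000" "0000000004000000"
    "1e80040000000000" "01000000"                       # inlineQoS + sentinel
    "00010003" "3d000000" "6162636465666768696a" "00000000"  # payload, 22 bytes
    "09010800" "d664a861" "1609347c"                    # next submessage
)
PID_SENTINEL = 0x0001
FLAG_E, FLAG_Q = 0x01, 0x02   # endianness and inlineQoS-present bits (RTPS spec)


def inline_qos_len(buf, off, endian):
    """Bytes occupied by the parameter list starting at off, sentinel included."""
    start = off
    while off + 4 <= len(buf):
        pid, plen = struct.unpack_from(endian + "HH", buf, off)
        off += 4
        if pid == PID_SENTINEL:
            return off - start
        off += plen
    raise ValueError("inlineQoS has no sentinel inside the buffer")


def payload_span(buf):
    """Return (payload_offset, naive_len, correct_len) for a DATA submessage."""
    if buf[0] != 0x15:
        raise ValueError("not a DATA submessage")
    flags = buf[1]
    endian = "<" if flags & FLAG_E else ">"
    next_hdr, _extra, to_qos = struct.unpack_from(endian + "HHH", buf, 2)
    fixed = 4 + to_qos                  # extraFlags + octetsToInlineQoS + ids/seqnum
    qos = inline_qos_len(buf, 4 + fixed, endian) if flags & FLAG_Q else 0
    naive = next_hdr - fixed            # assumes inlineQoS carries no data
    correct = naive - qos               # subtracts the real inlineQoS size
    if correct < 0 or 4 + next_hdr > len(buf):
        raise ValueError("length fields inconsistent with buffer")
    return 4 + fixed + qos, naive, correct


if __name__ == "__main__":
    off, naive, correct = payload_span(SAMPLE)
    print("naive:", naive, "correct:", correct)
    print("correct payload:", SAMPLE[off:off + correct])
    print("naive overrun:  ", SAMPLE[off + correct:off + naive].hex())
```

In this sample the 12-byte difference between the two lengths is exactly the size of the following INFO_TS submessage, so a payload read with the naive length would absorb it.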