Skip to content

RTPS DataPacketField wrong payload len.  #4594

New issue
New issue
Open
#4545
Open
RTPS DataPacketField wrong payload len. #4594
#4545
@Splinter1984

Description

@Splinter1984
Splinter1984
opened on Nov 19, 2024

Brief description

In RTPS protocol, during DataPacketField calculation of payload length assume that inlineQos has no data. Which leads to wrong payload length, as result incorrect packet interpretation.
The following PR resolve the issue:

Scapy version

6f0faf3

Python version

3.10.12

Operating system

Ubuntu 20.04

Additional environment information

No response

How to reproduce

The following test case able to reproduce the issue.

p0 = RTPS( protocolVersion=ProtocolVersionPacket(major=2, minor=2), vendorId=VendorIdPacket(vendor_id=0x010f), guidPrefix=GUIDPrefixPacket( hostId=0x010f45d2, appId=0xb3f558b9, instanceId=0x01000000 ),magic=b"RTPS" )/RTPSMessage(submessages=[ RTPSSubMessage_INFO_TS( submessageId=9, submessageFlags=1, octetsToNextHeader=8, ts_seconds=1638425814, ts_fraction=2083784982, ), RTPSSubMessage_DATA( submessageId= 0x15, submessageFlags= 0x7, octetsToNextHeader= 54, extraFlags= 0x0, octetsToInlineQoS= 16, readerEntityIdKey= 0x0, readerEntityIdKind= 0x0, writerEntityIdKey= 0x0, writerEntityIdKind= 0x0, writerSeqNumHi= 0, writerSeqNumLow= 4, inlineQoS= InlineQoSPacket( parameters= [ PID_UNKNOWN( parameterId= 0x801e, parameterLength= 4, parameterData= b'\x00\x00\x00\x00', ), ], sentinel= PID_SENTINEL( parameterId= 0x1, parameterLength= 0, parameterData= b'', ), ), data= DataPacket( encapsulationKind= 0x1, encapsulationOptions= 0x3, serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00', ), ), RTPSSubMessage_INFO_TS( submessageId=9, submessageFlags=1, octetsToNextHeader=8, ts_seconds=1638425814, ts_fraction=2083784982, ), RTPSSubMessage_DATA( submessageId= 0x15, submessageFlags= 0x7, octetsToNextHeader= 54, extraFlags= 0x0, octetsToInlineQoS= 16, readerEntityIdKey= 0x0, readerEntityIdKind= 0x0, writerEntityIdKey= 0x0, writerEntityIdKind= 0x0, writerSeqNumHi= 0, writerSeqNumLow= 4, inlineQoS= InlineQoSPacket( parameters= [ PID_UNKNOWN( parameterId= 0x801e, parameterLength= 4, parameterData= b'\x00\x00\x00\x00', ), ], sentinel= PID_SENTINEL( parameterId= 0x1, parameterLength= 0, parameterData= b'', ), ), data= DataPacket( encapsulationKind= 0x1, encapsulationOptions= 0x3, serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00', ), ), ]) d = b"\x52\x54\x50\x53\x02\x02\x01\x0f\x01\x0f\x45\xd2\xb3\xf5\x58\xb9" \ b"\x01\x00\x00\x00\x09\x01\x08\x00\xd6\x64\xa8\x61\x16\x09\x34\x7c" \ b"\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ b"\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80\x04\x00\x00\x00\x00\x00" \ b"\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00\x00\x00\x61\x62\x63\x64" \ b"\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00\x09\x01\x08\x00\xd6\x64" \ b"\xa8\x61\x16\x09\x34\x7c\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00" \ b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80" \ b"\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00" \ b"\x00\x00\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00" assert RTPS(d) == p0

Actual result

No response

Expected result

No response

Related resources

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions