From 6627ab7c2cd891089bd7603791f019aa75d6aaa2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ege=20=C3=87etin?= <64282645+egecetin@users.noreply.github.com>
Date: Wed, 14 Aug 2024 10:38:23 +0300
Subject: [PATCH] Fix unknown read in TelnetLayer (#1534)
* Fix unknown read in TelnetLayer
* need at least 2 bytes for command
* fix formatting
---------
Co-authored-by: Liu, An-Chi
---
 Packet++/src/TelnetLayer.cpp | 3 ++-
 ...testcase-minimized-FuzzTarget-4981601846820864 | Bin 0 -> 211 bytes
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 Tests/Fuzzers/RegressionTests/regression_samples/clusterfuzz-testcase-minimized-FuzzTarget-4981601846820864
diff --git a/Packet++/src/TelnetLayer.cpp b/Packet++/src/TelnetLayer.cpp
index e59c1345f9..b8ee8cbbd4 100644
--- a/Packet++/src/TelnetLayer.cpp
+++ b/Packet++/src/TelnetLayer.cpp
@@ -92,7 +92,8 @@ namespace pcpp
 pos += length;
 offset += length;
- if (isCommandField(pos))
+ if ((static_cast(pos - m_Data) <= (m_DataLen - 2)) &&
+ isCommandField(pos)) // Need at least 2 bytes for command
 return pos;
 }
diff --git a/Tests/Fuzzers/RegressionTests/regression_samples/clusterfuzz-testcase-minimized-FuzzTarget-4981601846820864 b/Tests/Fuzzers/RegressionTests/regression_samples/clusterfuzz-testcase-minimized-FuzzTarget-4981601846820864
new file mode 100644
index 0000000000000000000000000000000000000000..7ee74fb4fb53a3e4f6a7f1e0af426b40713b9288
GIT binary patch literal 211 zcmca|c+)~A1{MYdAoveNK&-&S0ObCMfYl5jj)H=#0>gX-1t6OZst72?AP$lNf&U=A eC;*+0A_?Ju?ZOZTSqpInObSy3CIh2URR91*;5w!N literal 0 HcmV?d00001
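Review bot: The new bound in the TelnetLayer.cpp hunk subtracts on the right-hand side, `(m_DataLen - 2)`, which wraps to a very large value if `m_DataLen` is an unsigned type and the layer holds fewer than 2 bytes. In that case the comparison passes and `isCommandField(pos)` is still reached with less than two readable bytes, which is the out-of-bounds read this commit is meant to close. The declaration of `m_DataLen` is not visible here, so this should be confirmed, but moving the arithmetic to the left avoids the wrap in either case: `static_cast<size_t>(pos - m_Data) + 2 <= m_DataLen` (the cast's target type is missing from the page text and is assumed to be `size_t`). The enclosing loop and function start and end outside the hunk, so any earlier guarantee that `m_DataLen >= 2` cannot be checked from here. A short comment such as `// pos + 1 must be inside [m_Data, m_Data + m_DataLen)` would make the invariant explicit for later edits.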