Skip to content

Commit

Permalink
Tolerate decoding errors in LLMNR queries/responses
Browse files Browse the repository at this point in the history 
Fixes:
```
  File "scapy/sendrecv.py", line 1439, in tshark
  File "scapy/sendrecv.py", line 1311, in sniff
  File "scapy/sendrecv.py", line 1254, in _run
  File "scapy/sessions.py", line 109, in on_packet_received
  File "scapy/sendrecv.py", line 1436, in _cb
  File "scapy/packet.py", line 1645, in summary
  File "scapy/packet.py", line 1619, in _do_summary
  File "scapy/packet.py", line 1619, in _do_summary
  File "scapy/packet.py", line 1619, in _do_summary
  File "scapy/packet.py", line 1622, in _do_summary
  File "scapy/layers/llmnr.py", line 63, in mysummary
    self.qd.qname.decode(),
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 2: invalid start byte
```

It's a follow-up to dd7a5c9
  • Loading branch information
@evverx @gpotter2
evverx authored and gpotter2 committed Apr 26, 2023
1 parent 966aa9f commit 0f294fd
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
4 changes: 2 additions & 2 deletions scapy/layers/llmnr.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,12 +55,12 @@ def hashret(self):
def mysummary(self):
if self.an:
return "LLMNRResponse '%s' is at '%s'" % (
self.an.rrname.decode(),
self.an.rrname.decode(errors="backslashreplace"),
self.an.rdata,
), [UDP]
if self.qd:
return "LLMNRQuery who has '%s'" % (
self.qd.qname.decode(),
self.qd.qname.decode(errors="backslashreplace"),
), [UDP]


Expand Down
6 changes: 6 additions & 0 deletions test/scapy/layers/llmnr.uts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,9 @@ b = Ether(b'\x14\x0cv\x8f\xfe(\xd0P\x99V\xdd\xf9\x08\x00E\x00\x00(\x00\x01\x00\x
assert b.answers(a)
assert not a.answers(b)

= Summary
q = LLMNRQuery(b'Yy\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00\x01\x00\x01')
assert q.mysummary()[0] == r"LLMNRQuery who has '\xff.'"

r = LLMNRResponse(b'\n\xe6\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x01\xff\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x00\x1e\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00xu\x17\xff\xfe\xbc\xac\xcb')
assert r.mysummary()[0] == r"LLMNRResponse '\xff.' is at 'fe80::7875:17ff:febc:accb'"

0 comments on commit 0f294fd

Please sign in to comment.