From 8798ceffa63f29d27e8d11bf8781bfc3d83e0014 Mon Sep 17 00:00:00 2001 From: shapaz <47742533+shapaz@users.noreply.github.com> Date: Wed, 24 Jan 2024 12:14:33 +0200 Subject: [PATCH 1/2] Fixed fragment data size in IPv6 defragmentation --- scapy/layers/inet6.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index d795bef446e..a3bf89db69a 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1133,13 +1133,15 @@ def defragment6(packets): # regenerate the fragmentable part fragmentable = b"" + frag_hdr_len = len(IPv6ExtHdrFragment) for p in res: q = p[IPv6ExtHdrFragment] offset = 8 * q.offset if offset != len(fragmentable): warning("Expected an offset of %d. Found %d. Padding with XXXX" % (len(fragmentable), offset)) # noqa: E501 + frag_data_len = p[IPv6].plen - frag_hdr_len fragmentable += b"X" * (offset - len(fragmentable)) - fragmentable += raw(q.payload) + fragmentable += raw(q.payload)[:frag_data_len] # Regenerate the unfragmentable part. q = res[0].copy() From 6c901ba4bb3234367adc58a31f65939c0d4fe2c7 Mon Sep 17 00:00:00 2001 From: shapaz <47742533+shapaz@users.noreply.github.com> Date: Wed, 24 Jan 2024 17:05:08 +0200 Subject: [PATCH 2/2] Support IPv6.plen=None in defragment6 --- scapy/layers/inet6.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index a3bf89db69a..62dd93a2a9a 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1139,7 +1139,9 @@ def defragment6(packets): offset = 8 * q.offset if offset != len(fragmentable): warning("Expected an offset of %d. Found %d. Padding with XXXX" % (len(fragmentable), offset)) # noqa: E501 - frag_data_len = p[IPv6].plen - frag_hdr_len + frag_data_len = p[IPv6].plen + if frag_data_len is not None: + frag_data_len -= frag_hdr_len fragmentable += b"X" * (offset - len(fragmentable)) fragmentable += raw(q.payload)[:frag_data_len]