fix(parsing): Handling bad addresses in dsntap (#23071)

* fix(parsing): Handling bad addresses in dsntap

* Fix clippy warning

Author: wooffie

changelog.d/fix_dnstap_extract_address_logic.fix.md

@@ -0,0 +1,3 @@
+Added checks to avoid possible panic while parsing address in `dnstap-parser::DnstapParser::parse_dnstap_message_socket_family`.
+
+authors: wooffie

lib/dnstap-parser/src/parser.rs

@@ -438,9 +438,15 @@ impl DnstapParser {
 
         if let Some(query_address) = dnstap_message.query_address.as_ref() {
             let source_address = if socket_family == 1 {
+                if query_address.len() < 4 {
+                    return Err(Error::from("Cannot parse query_address"));
+                }
                 let address_buffer: [u8; 4] = query_address[0..4].try_into()?;
                 IpAddr::V4(Ipv4Addr::from(address_buffer))
             } else {
+                if query_address.len() < 16 {
+                    return Err(Error::from("Cannot parse query_address"));
+                }
                 let address_buffer: [u8; 16] = query_address[0..16].try_into()?;
                 IpAddr::V6(Ipv6Addr::from(address_buffer))
             };
@@ -464,9 +470,15 @@ impl DnstapParser {
 
         if let Some(response_address) = dnstap_message.response_address.as_ref() {
             let response_addr = if socket_family == 1 {
+                if response_address.len() < 4 {
+                    return Err(Error::from("Cannot parse response_address"));
+                }
                 let address_buffer: [u8; 4] = response_address[0..4].try_into()?;
                 IpAddr::V4(Ipv4Addr::from(address_buffer))
             } else {
+                if response_address.len() < 16 {
+                    return Err(Error::from("Cannot parse response_address"));
+                }
                 let address_buffer: [u8; 16] = response_address[0..16].try_into()?;
                 IpAddr::V6(Ipv6Addr::from(address_buffer))
             };
@@ -1038,7 +1050,7 @@ mod tests {
     use super::*;
     use chrono::DateTime;
     use dnsmsg_parser::dns_message_parser::DnsParserOptions;
-    use std::collections::BTreeMap;
+    use std::{collections::BTreeMap, vec};
 
     #[test]
     fn test_parse_dnstap_data_with_query_message() {
@@ -1365,6 +1377,46 @@ mod tests {
         )
     }
 
+    #[test]
+    fn test_parse_dnstap_message_socket_family_bad_addr() {
+        // while parsing address is optional, but in this function assume otherwise
+        fn test_one_input(socket_family: i32, msg: DnstapMessage) -> Result<()> {
+            let mut event = LogEvent::default();
+            let root = owned_value_path!();
+            DnstapParser::parse_dnstap_message_socket_family(&mut event, &root, socket_family, &msg)
+        }
+        // all bad cases which can panic
+        {
+            let message = DnstapMessage {
+                query_address: Some(vec![]),
+                ..Default::default()
+            };
+            assert!(test_one_input(1, message).is_err());
+        }
+        {
+            let message = DnstapMessage {
+                query_address: Some(vec![]),
+                ..Default::default()
+            };
+            assert!(test_one_input(2, message).is_err());
+        }
+
+        {
+            let message = DnstapMessage {
+                response_address: Some(vec![]),
+                ..Default::default()
+            };
+            assert!(test_one_input(1, message).is_err());
+        }
+        {
+            let message = DnstapMessage {
+                response_address: Some(vec![]),
+                ..Default::default()
+            };
+            assert!(test_one_input(2, message).is_err());
+        }
+    }
+
     #[test]
     fn test_get_socket_family_name() {
         assert_eq!("INET", to_socket_family_name(1).unwrap());