fix(parsing): Handling bad addresses in dsntap

[wooffie]

Summary

In parsing dnstap we can deserialize address of bad length and after get panic. Added some checks...

Change Type

• Bug fix
• New feature
• Non-functional (chore, refactoring, docs)
• Performance

Is this a breaking change?

• Yes
• No

How did you test this PR?

Testcase which show that this problem can be accessed outside crate:

    #[test]
    fn test_parse_dnstap_data_with_bad_address() {
        let a = [
            40, 4, 114, 56, 56, 42, 42, 42, 42, 42, 0, 0, 0, 0, 0, 0, 0, 185, 3, 0, 0, 0, 0, 0, 0,
            96, 64, 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, 96, 55, 55, 43, 55, 55, 54, 64,
            114, 42, 56, 0, 16, 2, 42, 0, 114, 4, 56, 56, 96, 96, 96, 96, 96, 56, 56, 2, 48, 0,
        ];
        let mut log_event = LogEvent::default();

        let _parse_result = DnstapParser::parse(
            &mut log_event,
            Bytes::copy_from_slice(&a),
            DnsParserOptions::default(),
        );
    }

And some trace:

thread 'parser::tests::test_parse_dnstap_data_with_bad_address' panicked at lib/dnstap-parser/src/parser.rs:470:64:
range end index 16 out of range for slice of length 0
stack backtrace:
   0: rust_begin_unwind
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/std/src/panicking.rs:692:5
   1: core::panicking::panic_fmt
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/core/src/panicking.rs:75:14
   2: core::slice::index::slice_end_index_len_fail::do_panic::runtime
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/core/src/panic.rs:218:21
   3: core::slice::index::slice_end_index_len_fail::do_panic
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/core/src/intrinsics/mod.rs:3869:9
   4: core::slice::index::slice_end_index_len_fail
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/core/src/panic.rs:223:9
   5: <core::ops::range::Range<usize> as core::slice::index::SliceIndex<[T]>>::index
             at /home/wooffie/.rustup/toolchains/1.85-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/index.rs:437:13
   6: core::slice::index::<impl core::ops::index::Index<I> for [T]>::index
             at /home/wooffie/.rustup/toolchains/1.85-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/slice/index.rs:16:9
   7: <alloc::vec::Vec<T,A> as core::ops::index::Index<I>>::index
             at /home/wooffie/.rustup/toolchains/1.85-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/vec/mod.rs:3361:9
   8: dnstap_parser::parser::DnstapParser::parse_dnstap_message_socket_family
             at ./src/parser.rs:470:64
   9: dnstap_parser::parser::DnstapParser::parse_dnstap_message
             at ./src/parser.rs:192:13
  10: dnstap_parser::parser::DnstapParser::parse
             at ./src/parser.rs:153:25
  11: dnstap_parser::parser::tests::test_parse_dnstap_data_with_bad_address
             at ./src/parser.rs:1377:25
  12: dnstap_parser::parser::tests::test_parse_dnstap_data_with_bad_address::{{closure}}
             at ./src/parser.rs:1369:49
  13: core::ops::function::FnOnce::call_once
             at /home/wooffie/.rustup/toolchains/1.85-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs:250:5
  14: core::ops::function::FnOnce::call_once
             at /rustc/4eb161250e340c8f48f66e2b929ef4a5bed7c181/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.


failures:
    parser::tests::test_parse_dnstap_data_with_bad_address

I added some checks that can be return Err to be emited in main parsing function. Also testcases which cover all problems

You can add just my testcases and see panic

Does this PR include user facing changes?

I dont care, at the team discretion

• Yes. Please add a changelog fragment based on our guidelines.
• No. A maintainer will apply the "no-changelog" label to this PR.

Notes

• Please read our Vector contributor resources.
• Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
• The CI checks run only after we manually approve them.
  • We recommend adding a pre-push hook, please see this template.
  • Alternatively, we recommend running the following locally before pushing to the remote branch:
    • cargo fmt --all
    • cargo clippy --workspace --all-targets -- -D warnings
    • cargo nextest run --workspace (alternatively, you can run cargo test --all)
    • ./scripts/check_changelog_fragments.sh
• After a review is requested, please avoid force pushes to help us review incrementally.
  • Feel free to push as many commits as you want. They will be squashed into one before merging.
  • For example, you can run git merge origin master and git push.
• If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
  run cargo vdev build licenses to regenerate the license inventory and commit the changes (if any). More details here.

References

[wooffie]

Also, we can do it like this:

let buffer = query_address
                    .get(..4)
                    .ok_or_else(|| Error::from("Cannot parse query_address"))?;
let address_buffer: [u8; 4] = (*buffer).try_into()?;

[pront]

Thanks!

[wooffie]

I'll fix this, sorry