From 167138c4602a8d357f09308257bb524590e00299 Mon Sep 17 00:00:00 2001
From: mohammadmseet-hue <mohammadmseet@gmail.com>
Date: Sat, 11 Apr 2026 18:53:48 +0200
Subject: [PATCH] Fix panic on malformed SFlow packets

Add bounds checking in SFlowDatagram.DecodeFromBytes before reading
header fields. The chained data/field assignments assumed sufficient
data length, causing slice bounds panics on truncated packets, short
agent addresses, and missing sample data.

Return an error instead of panicking when data is too short.
---
 layers/sflow.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/layers/sflow.go b/layers/sflow.go
index bc1c9733b..87b9b29eb 100644
--- a/layers/sflow.go
+++ b/layers/sflow.go
@@ -300,9 +300,16 @@ func (s SFlowIPType) Length() int {
 func (s *SFlowDatagram) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
 	var agentAddressType SFlowIPType
 
+	if len(data) < 8 {
+		return fmt.Errorf("SFlow Datagram too short: %d bytes", len(data))
+	}
 	data, s.DatagramVersion = data[4:], binary.BigEndian.Uint32(data[:4])
 	data, agentAddressType = data[4:], SFlowIPType(binary.BigEndian.Uint32(data[:4]))
-	data, s.AgentAddress = data[agentAddressType.Length():], data[:agentAddressType.Length()]
+	agentLen := agentAddressType.Length()
+	if len(data) < int(agentLen)+16 {
+		return fmt.Errorf("SFlow Datagram too short for agent address and header fields")
+	}
+	data, s.AgentAddress = data[agentLen:], data[:agentLen]
 	data, s.SubAgentID = data[4:], binary.BigEndian.Uint32(data[:4])
 	data, s.SequenceNumber = data[4:], binary.BigEndian.Uint32(data[:4])
 	data, s.AgentUptime = data[4:], binary.BigEndian.Uint32(data[:4])
@@ -312,6 +319,9 @@ func (s *SFlowDatagram) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback)
 		return fmt.Errorf("SFlow Datagram has invalid sample length: %d", s.SampleCount)
 	}
 	for i := uint32(0); i < s.SampleCount; i++ {
+		if len(data) < 4 {
+			return fmt.Errorf("SFlow Datagram too short for sample %d header", i)
+		}
 		sdf := SFlowDataFormat(binary.BigEndian.Uint32(data[:4]))
 		_, sampleType := sdf.decode()
 		switch sampleType {