Merge pull request #606 from eglooca/pr-fix-parse-packet-line-info

Prevent missing text lines and invalid reads past end-of-buffer.

1 files changed, 5 insertions, 4 deletions

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 722fdb68f..b904bbefc 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4641,7 +4641,11 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
   packet->line[packet->parsed_lines].ptr = packet->payload;
   packet->line[packet->parsed_lines].len = 0;
 
-  for(a = 0; a < packet->payload_packet_len-2; a++) {
+  for(a = 0; a < packet->payload_packet_len; a++) {
+
+    if((a + 1) == packet->payload_packet_len)
+	  return; /* Return if only one byte remains (prevent invalid reads past end-of-buffer) */
+
     if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */
       packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr));
 
@@ -4821,9 +4825,6 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
       packet->line[packet->parsed_lines].ptr = &packet->payload[a + 2];
       packet->line[packet->parsed_lines].len = 0;
 
-      if((a + 2) >= packet->payload_packet_len)
-	    return;
-
       a++; /* next char in the payload */
     }
   }