authordillinger79 <dxnanos@gmail.com>2017-01-20 11:31:36 +0200
committerGitHub <noreply@github.com>2017-01-20 11:31:36 +0200
commit9f8fedb3b1f3e1a380baf1600a12096aaf2e2953 (patch)
treeb6fd005b8bcfd70ea50a371bd20626a16c327333
parent048ab4b5d3ff5a5b009c96487a67ba98c412ee23 (diff)
parent4e6dda6361087161d3c6ba317393421d34b9e50f (diff)
Merge pull request #1 from dillinger79/dillinger79-patch-1
Update smpp.c
-rw-r--r--src/lib/protocols/smpp.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c
index ff64c47e5..d6d898893 100644
--- a/src/lib/protocols/smpp.c
+++ b/src/lib/protocols/smpp.c
@@ -31,6 +31,11 @@ static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* nd
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMPP, NDPI_PROTOCOL_UNKNOWN);
}
+static u_int8_t ndpi_check_overflow(u_int32_t current_legth, u_int32_t total_lenth)
+{
+ return (current_legth > 0 && current_legth > INT_MAX - total_lenth);
+}
+
void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct,
struct ndpi_flow_struct* flow)
{
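Review bot: `ndpi_check_overflow` compares `u_int32_t` operands against `INT_MAX`, so `INT_MAX - total_lenth` is evaluated as unsigned and wraps once `total_lenth` exceeds `INT_MAX`, at which point the helper stops reporting overflow. As called from the loop, the running total is presumably kept small by the payload-length condition, so this looks latent rather than reachable. The helper should still be correct on its own, e.g. `return current_legth > UINT32_MAX - total_lenth;`, which also makes the `current_legth > 0` term unnecessary. The hunk does not show whether `<limits.h>` or `<stdint.h>` is included for either constant. The parameter names would read better as `current_length` and `total_length`, with a one-line comment stating that a non-zero return means the sum would not fit.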
@@ -68,8 +73,8 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct,
while(total_pdu_l < packet->payload_packet_len) {
// get next PDU length
tmp_pdu_l = ntohl(get_u_int32_t(packet->payload, total_pdu_l));
- // if zero, return, will try the next TCP segment
- if(tmp_pdu_l == 0) return;
+ // if zero or overflowing , return, will try the next TCP segment
+ if(tmp_pdu_l == 0 || ndpi_check_overflow(tmp_pdu_l, total_pdu_l) ) return;
// inc total PDU length
total_pdu_l += ntohl(get_u_int32_t(packet->payload, total_pdu_l));
// inc total PDU count
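Review bot: The length read `get_u_int32_t(packet->payload, total_pdu_l)` is guarded only by `total_pdu_l < packet->payload_packet_len`, so when fewer than four bytes remain at that offset it appears to read past the end of the payload, and the added overflow check does not cover that. A guard ahead of the read, such as `if(packet->payload_packet_len - total_pdu_l < 4) return;`, would close it; whether `return` or `break` is right depends on the code after the loop, which is outside this hunk. The increment also re-reads and re-converts the same field instead of reusing the value just validated; `total_pdu_l += tmp_pdu_l;` keeps the checked and the added value identical.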