diff options
| author | Luca Deri <lucaderi@users.noreply.github.com> | 2020-07-07 14:42:20 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-07 14:42:20 +0200 |
| commit | 94bf7b0130c1fd447624a9a91d2d125eaac91ea7 (patch) | |
| tree | 77c316e4fae2220e0fdd52b3dfa737aca152ba2f | |
| parent | 055422503c13ef9ed0666e4c95aad30a6b298bae (diff) | |
| parent | de25ba7d0b690c77ac5aa9ffba6ab107c033759f (diff) | |
Merge pull request #952 from lnslbrty/fix/missing-lengthcheck-in-reader-uutil
Fixed heap overflow caused by missing lengthcheck in reader uutil.
| -rw-r--r-- | example/reader_util.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 508777ec2..94d5188ad 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1719,7 +1719,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, workflow->stats.mpls_count++; type = ETH_P_IP, ip_offset += 4; - while(!mpls.mpls.s) { + while(!mpls.mpls.s && (((bpf_u_int32)ip_offset) + 4 < header->caplen)) { mpls.u32 = *((uint32_t *) &packet[ip_offset]); mpls.u32 = ntohl(mpls.u32); ip_offset += 4; |