aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2021-05-09 15:10:41 +0200
committerGitHub <noreply@github.com>2021-05-09 15:10:41 +0200
commit2ca37ff8be2e5c1f273a7eb1fb4106c65c95217e (patch)
tree30fca588acf7f9e6c58fe0a7c4da8ba61d3a79c0
parent12c6ab768d716aa54a343a82ac333c9c5fb02af4 (diff)
TLS: fix extraction for TLS signature algorithms (#1180)
``` ==69562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100009000fb at pc 0x7f41882003a7 bp 0x7f4183cfbfc0 sp 0x7f4183cfb768 READ of size 32 at 0x6100009000fb thread T1 #0 0x7f41882003a6 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 #1 0x560b2d7462a1 in processClientServerHello protocols/tls.c:1647 #2 0x560b2d73be6a in processTLSBlock protocols/tls.c:712 #3 0x560b2d73e61f in ndpi_search_tls_udp protocols/tls.c:968 ```
Diffstat
-rw-r--r--src/lib/protocols/tls.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 7ef8bdf1a..1fdaf5dee 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1642,7 +1642,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
tot_signature_algorithms_len = ndpi_min((sizeof(ja3.client.signature_algorithms) / 2) - 1, tot_signature_algorithms_len);
#ifdef TLS_HANDLE_SIGNATURE_ALGORITMS
- flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms = ndpi_min(tot_signature_algorithms_len, MAX_NUM_TLS_SIGNATURE_ALGORITHMS);
+ flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms = ndpi_min(tot_signature_algorithms_len / 2, MAX_NUM_TLS_SIGNATURE_ALGORITHMS);
memcpy(flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms,
&packet->payload[s_offset], 2 /* 16 bit */*flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms);
Powered by cgit, Themed by Ted Yin.