Added check for heap buffer overflow read

1 files changed, 7 insertions, 1 deletions

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 7199f72eb..a062cdc8c 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4807,29 +4807,34 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t *str, u_int16_t max_chars_to_re
   u_int16_t read = 0;
   u_int16_t oldread;
   u_int32_t c;
+
   /* ip address must be X.X.X.X with each X between 0 and 255 */
   oldread = read;
   c = ndpi_bytestream_to_number(str, max_chars_to_read, &read);
   if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.')
     return(0);
+  
   read++;
   val = c << 24;
   oldread = read;
   c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read);
   if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.')
     return(0);
+  
   read++;
   val = val + (c << 16);
   oldread = read;
   c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read);
   if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.')
     return(0);
+  
   read++;
   val = val + (c << 8);
   oldread = read;
   c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read);
   if(c > 255 || oldread == read || max_chars_to_read == read)
     return(0);
+  
   val = val + c;
 
   *bytes_read = *bytes_read + read;
@@ -4869,9 +4874,10 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str,
 	int diff; /* No unsigned ! */
 	u_int32_t a1 = a + 4;
 
-	diff = ndpi_min(packet->payload_packet_len-a1, sizeof(flow->initial_binary_bytes));
+	diff = packet->payload_packet_len - a1;
 
 	if(diff > 0) {
+	  diff = ndpi_min(diff, sizeof(flow->initial_binary_bytes));
 	  memcpy(&flow->initial_binary_bytes, &packet->payload[a1], diff);
 	  flow->initial_binary_bytes_len = diff;
 	}