diff options
author | Luca Deri <lucaderi@users.noreply.github.com> | 2020-07-08 17:14:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-08 17:14:45 +0200 |
commit | 4f794aec22a73d4b06f42c7472460226f990c8b6 (patch) | |
tree | 80c264e57eb97efa9e5892ee1750b11c16a6694b | |
parent | 5be9370cd2aec01568dcea44bea62c2f5bab83cc (diff) | |
parent | ccb30a04ad6f7b0e954549c3e961312b143bc511 (diff) |
Merge pull request #955 from lnslbrty/fix/heap-overflow-thunder
Fixed thunder protocol detection heap overflow caused by missing leng…
-rw-r--r-- | src/lib/protocols/thunder.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 30194d153..4d477499d 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -118,6 +118,7 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct packet->content_line.len == 24 && memcmp(packet->content_line.ptr, "application/octet-stream", 24) == 0 && packet->empty_line_position_set < (packet->payload_packet_len - 8) + && packet->payload_packet_len > (packet->empty_line_position + 5) && packet->payload[packet->empty_line_position + 2] >= 0x30 && packet->payload[packet->empty_line_position + 2] < 0x40 && packet->payload[packet->empty_line_position + 3] == 0x00 |