author | Luca Deri <lucaderi@users.noreply.github.com> | 2020-02-28 14:39:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-28 14:39:17 +0100 |
commit | 9f72b15fffe21257910490ade8fb908659b01f54 (patch) | |
tree | b8c62970596456666cb91a1a79a0ae07cf933ab3 | |
parent | d4c093e828ea0d361b185627101c6ab7d319485e (diff) | |
parent | 6fe95358812323fcf614fba8f8e5a43f43d164bb (diff) |
Merge pull request #850 from catenacyber/fuzz4fix
Fuzz4fix
-rw-r--r-- | example/reader_util.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/bittorrent.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mail_imap.c | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index 7ab060ef5..432dadbef 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1359,7 +1359,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, return(nproto); } - if(!flow->detection_completed) { + if(!flow->detection_completed && payload_len > 0) { u_int enough_packets = (((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > max_num_udp_dissected_pkts)) || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > max_num_tcp_dissected_pkts))) ? 1 : 0; @@ -1709,6 +1709,8 @@ ether_type_check: } if(workflow->prefs.decode_tunnels && (proto == IPPROTO_UDP)) { + if (header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr)) + return(nproto); /* Too short for UDP header*/ struct ndpi_udphdr *udp = (struct ndpi_udphdr *)&packet[ip_offset+ip_len]; u_int16_t sport = ntohs(udp->source), dport = ntohs(udp->dest); diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index a1ade79b2..d0773e43a 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -72,7 +72,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } else bt_hash = (const char*)&flow->packet.payload[28]; - if(bt_hash) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); + if(bt_hash && flow->packet.payload_packet_len >= 20 + (bt_hash-flow->packet.payload)) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); } ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 99b386205..c3a18c065 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c 
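Review bot: The new `payload_len > 0` condition on the `if(!flow->detection_completed ...)` line has no comment saying which read it protects, and it sits in the example reader rather than in the library, so other callers of the detection code presumably can still pass an empty payload to the dissectors. I would add `/* empty payloads carry nothing to dissect; skip detection for them */` above the condition and, if the crash came from a specific dissector, add the length check there as well. Note also that `enough_packets` is computed inside the guarded block, so a flow made only of empty packets no longer reaches the packet-count cutoff on this path; whether detection is finalised elsewhere is not visible, because packet_processing continues outside the hunk.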
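Review bot: The added `header->caplen` check in the `decode_tunnels` branch bounds only the fixed UDP header, so the `udp->source`/`udp->dest` reads are covered, but any tunnel header parsed from the bytes after it needs its own comparison against `header->caplen`. That parsing lies outside the hunk and should be confirmed. The early `return(nproto)` also means a truncated UDP packet is dropped only when tunnel decoding is enabled, while with the preference off the same packet continues down the normal path. If the later code handles such a packet safely, skipping just the tunnel block would keep both configurations consistent. Minor: `if (` differs from the `if(` spacing on the surrounding lines.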
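Review bot: In the new condition before the `memcpy`, `bt_hash - flow->packet.payload` subtracts the payload pointer from what looks like a `const char *` (judging by the cast on the `else` line). If the payload is an unsigned byte pointer, the two types are incompatible for pointer subtraction and compilers diagnose it. A cast makes the intent explicit: `(bt_hash - (const char *)flow->packet.payload)`. The literal `20` now appears twice; `sizeof(flow->protos.bittorrent.hash)` would tie the bound to the destination, assuming that field is an array. When the check fails the hash field is left untouched while the flow is still labelled BitTorrent, so an explicit zeroing or a comment would make that state well defined.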
@@ -161,7 +161,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload[command_start + 4] == 'N' || packet->payload[command_start + 4] == 'n')) { /* xxxx LOGIN "username" "password" */ char str[256], *item; - u_int len = packet->payload_packet_len > sizeof(str) ? sizeof(str) : packet->payload_packet_len; + u_int len = packet->payload_packet_len >= sizeof(str) ? sizeof(str)-1 : packet->payload_packet_len; strncpy(str, (const char*)packet->payload, len); str[len] = '\0'; |
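Review bot: Nothing on the `len` line documents that a LOGIN line of 256 bytes or more is silently truncated to 255 bytes, so the username/password parsing that follows (outside the hunk) may operate on a partial line. A comment such as `/* copy at most sizeof(str)-1 bytes so str[len] stays in bounds; longer lines are truncated */` would record both the bound and the truncation. Since the payload is not a C string, `memcpy(str, packet->payload, len);` would state the intent more directly than `strncpy`, with the existing `str[len] = '\0';` as the terminator.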