authorLuca Deri <lucaderi@users.noreply.github.com>2020-05-12 13:53:55 +0200
committerGitHub <noreply@github.com>2020-05-12 13:53:55 +0200
commit17235d234eb6a55fd0753ab4f3b6fc8f66eb7659 (patch)
tree281e98b21d05a7c6edf1b0024c38878eaf4675cf
parentdb16a987c57c2fa097b5efabb66cef16caeddb03 (diff)
parentb69177be2fbe01c2442239a61832c44e40136c05 (diff)
Merge pull request #897 from catenacyber/fuzzoracle
Adds bound check in oracle protocol
-rw-r--r--src/lib/protocols/oracle.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c
index 6ad6bac4c..a24837a68 100644
--- a/src/lib/protocols/oracle.c
+++ b/src/lib/protocols/oracle.c
@@ -43,7 +43,7 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG_DBG2(ndpi_struct, "calculating ORACLE over tcp\n");
/* Oracle Database 9g,10g,11g */
if ((dport == 1521 || sport == 1521)
- && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
+ && (((packet->payload_packet_len >= 3 && packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
|| ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01))
&& (packet->payload[1] != 0x00)
&& (packet->payload[2] == 0x00)
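Review bot: The new length guard on the added line sits inside the parentheses of the `payload[0] == 0x07` comparison, so it reads as if it protects only the first byte, although short-circuit evaluation does make it cover `payload[1]` and `payload[2]` as well. Writing it as its own conjunct, parallel to the `payload_packet_len >= 232` test in the second alternative, makes the bound obvious to the next reader: `&& (((packet->payload_packet_len >= 3) && (packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))`. A short comment such as `/* 3-byte signature: need at least 3 payload bytes before indexing */` would record why the bound is 3. The condition and the body of ndpi_search_oracle continue past the end of the hunk, so any later payload indexing in this function could not be checked from here.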