author | u-devel <36368802+u-devel@users.noreply.github.com> | 2019-01-13 00:07:45 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-13 00:07:45 +0600 |
commit | 1d155ab2ebb29f30e830713c1b8eefecd03a16d1 (patch) | |
tree | 09f4bd8d261917fa28c8d6bb57ca4244dbf1b239 | |
parent | 97bdfe295d3f7318d1eac3e0020b3b13004f008d (diff) |
FIX H.323 broken detection
The TPKT header length field can have a value of more than 255, and in fact in all of the cases I've met it is more than 255.
Thus checking a real H.323 packet like this:
(packet->payload[2] == 0x00)
stops detecting H.323 conversation at all.
-rw-r--r-- | src/lib/protocols/h323.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index ddbcdadf3..d407c981b 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -31,8 +31,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n /* H323 */ if(packet->payload_packet_len >= 3 && (packet->payload[0] == 0x03) - && (packet->payload[1] == 0x00) - && (packet->payload[2] == 0x00)) { + && (packet->payload[1] == 0x00)) { struct tpkt *t = (struct tpkt*)packet->payload; u_int16_t len = ntohs(t->len); |
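Review bot: the length guard at the top of this condition is still payload_packet_len >= 3, yet the line directly after it casts the payload to struct tpkt and reads ntohs(t->len), a 16-bit field which, going by the removed payload[2] test and the commit message, occupies offsets 2 and 3. On a 3-byte payload that read reaches one byte past the end of the packet data. Suggest raising the guard to payload_packet_len >= 4, or to sizeof(struct tpkt) if the struct mirrors the 4-byte TPKT header (its definition is not visible in this hunk, so that is an assumption). With the payload[2] test gone the match also rests on only two bytes (0x03 0x00), so please confirm that the code below this hunk compares len against payload_packet_len before the flow is marked as H.323.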