diff options
| author | Luca Deri <lucaderi@users.noreply.github.com> | 2019-12-18 19:29:23 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-12-18 19:29:23 +0100 |
| commit | 27ea04c08ef72e78604308624bf31735aa2e8e98 (patch) | |
| tree | df677cca7a416bf6f11d55d6581ba5bcbb9f52a3 | |
| parent | 5c225b8a2ef5f89ab99256481065d969863a6018 (diff) | |
| parent | 843204299c79c55c736231c06db98def2b3a6bba (diff) | |
Merge pull request #824 from catenacyber/stunfix
Fix read buffer overflow in stun
| -rw-r--r-- | src/lib/protocols/stun.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d5114204f..cc38722e0 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -314,7 +314,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * https://en.wikipedia.org/wiki/Skype_for_Business */ - while((offset+2) < payload_length) { + while((offset+4) < payload_length) { u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset])); u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); u_int16_t x = (len + 4) % 4; |