diff options
| author | emanuele-f <black.silver@hotmail.it> | 2019-11-11 10:18:55 +0100 |
|---|---|---|
| committer | emanuele-f <black.silver@hotmail.it> | 2019-11-11 10:18:55 +0100 |
| commit | 748f10c0d64e798df9ac66199c11d4897d4513f8 (patch) | |
| tree | decb90ab8a741dd5e275e21c1fd6a128ce3f639d | |
| parent | 8181d63a95cdf8ff593e602d84a48c341338974d (diff) | |
Fix possible crash due to unsigned int number wrapping
| -rw-r--r-- | src/lib/protocols/tls.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index c65d4fc69..9d22a66db 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -764,7 +764,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct return(1); /* More packets please */ else if(flow->l4.tcp.tls_srv_cert_fingerprint_processed) return(0); /* We're good */ - + + if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) { + /* Avoid invalid memory accesses */ + return(1); + } + if(flow->l4.tcp.tls_fingerprint_len > 0) { unsigned int avail = packet->payload_packet_len - flow->l4.tcp.tls_record_offset; @@ -817,11 +822,6 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct } } - if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) { - /* Avoid invalid memory accesses */ - return(1); - } - if(packet->payload[flow->l4.tcp.tls_record_offset] == 0x15 /* Alert */) { u_int len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+3]) + 5 /* SSL header len */; |