Fixed missing length check in fbzero.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

3 files changed, 7 insertions, 1 deletions

diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c
index 6c818e3c7..936d99e84 100644
--- a/src/lib/protocols/fbzero.c
+++ b/src/lib/protocols/fbzero.c
@@ -85,9 +85,12 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct,
 	char *value = (char*)&packet->payload[data_offset + data_prev_offset];
 	u_int tag_len = t->tag_offset_len-data_prev_offset, max_len;
 	ndpi_protocol_match_result ret_match;
-	
+
 	max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1);
 
+	if (data_offset + data_prev_offset + max_len >= packet->payload_packet_len) {
+		return;
+	}
 	strncpy((char*)flow->host_server_name, value, max_len);
 	flow->host_server_name[max_len] = '\0';
 
diff --git a/tests/pcap/fbzero-missing-lengthcheck.pcap b/tests/pcap/fbzero-missing-lengthcheck.pcap
new file mode 100644
index 000000000..32855cebc
--- /dev/null
+++ b/tests/pcap/fbzero-missing-lengthcheck.pcap
diff --git a/tests/result/fbzero-missing-lengthcheck.pcap.out b/tests/result/fbzero-missing-lengthcheck.pcap.out
new file mode 100644
index 000000000..ce990aca9
--- /dev/null
+++ b/tests/result/fbzero-missing-lengthcheck.pcap.out
@@ -0,0 +1,3 @@
+Facebook	1	175	1
+
+	1	TCP 10.106.97.215:44933 -> 157.240.13.14:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][1 pkts/175 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]