QUIC: fix an integer overflow (#1396) - libndpi.git - Open Source Deep Packet Inspection Software Toolkit

diff options

author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2022-01-11 17:57:34 +0100
committer	GitHub <noreply@github.com>	2022-01-11 17:57:34 +0100
commit	06f3b079093a202a9565bbd27b6b278dc15f420d (patch)
tree	41335c72789dc1f6f30440d5bdd6ef807e2463f0 /example/intrusion_detection.c
parent	3a087e951d96f509c75344ad6791591e10e4f1cd (diff)

QUIC: fix an integer overflow (#1396)

Reported by oss-fuzz: ``` ==685288==ERROR: AddressSanitizer: SEGV on unknown address 0x61a100000687 (pc 0x0000005aba64 bp 0x7ffe3f29f510 sp 0x7ffe3f29f400 T0) ==685288==The signal is caused by a READ memory access. SCARINESS: 20 (wild-addr-read) #0 0x5aba64 in quic_len ndpi/src/lib/protocols/quic.c:203:12 #1 0x5aba64 in decrypt_initial_packet ndpi/src/lib/protocols/quic.c:993:16 #2 0x5aba64 in get_clear_payload ndpi/src/lib/protocols/quic.c:1302:21 #3 0x5aba64 in ndpi_search_quic ndpi/src/lib/protocols/quic.c:1658:19 #4 0x579f00 in check_ndpi_detection_func ndpi/src/lib/ndpi_main.c:4683:6 #5 0x57abe6 in ndpi_check_flow_func ndpi/src/lib/ndpi_main.c:0 #6 0x583b2c in ndpi_detection_process_packet ndpi/src/lib/ndpi_main.c:5545:15 #7 0x55e75e in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_process_packet.c:30:3 [...] ```

Diffstat (limited to 'example/intrusion_detection.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: