Merge pull request #846 from catenacyber/fuzzofix

Fix various buffer over reads
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-02-19 22:55:18 +0100
committer: GitHub <noreply@github.com> 2020-02-19 22:55:18 +0100
commit: 080e23e30ebc1940be5f503b84cb397fea1323cb (patch)
tree: caa75d20f0f3bdd1a6b8f2402e0670f1b18d31af /example/reader_util.c
parent: edce5a8c1fbdf7fd7362e4ca3b44da52356487fc (diff)
parent: ee979ac14ab8ff477ac9b331f60fd686d21bb548 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index ec070afb3..7ab060ef5 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1476,10 +1476,11 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
   datalink_type = (int)pcap_datalink(workflow->pcap_handle);
 #endif
 
-  if(header->caplen < 40)
-    return(nproto); /* Too short */
 
  datalink_check:
+  if(header->caplen < eth_offset + 40)
+    return(nproto); /* Too short */
+
   switch(datalink_type) {
   case DLT_NULL:
     if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2)
@@ -1680,6 +1681,8 @@ ether_type_check:
       return(nproto);
     }
   } else if(iph->version == 6) {
+    if (header->caplen < ip_offset + sizeof(struct ndpi_ipv6hdr))
+      return(nproto); /* Too short for IPv6 header*/
     iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset];
     proto = iph6->ip6_hdr.ip6_un1_nxt;
     ip_len = sizeof(struct ndpi_ipv6hdr);
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-02-19 22:55:18 +0100
committer	GitHub <noreply@github.com>	2020-02-19 22:55:18 +0100
commit	080e23e30ebc1940be5f503b84cb397fea1323cb (patch)
tree	caa75d20f0f3bdd1a6b8f2402e0670f1b18d31af /example/reader_util.c
parent	edce5a8c1fbdf7fd7362e4ca3b44da52356487fc (diff)
parent	ee979ac14ab8ff477ac9b331f60fd686d21bb548 (diff)