Adds bound check before calling ndpi_handle_ipv6_extension_headers

author: Philippe Antoine <contact@catenacyber.fr> 2020-04-17 22:21:03 +0200
committer: Philippe Antoine <contact@catenacyber.fr> 2020-04-17 22:21:03 +0200
commit: da0889d3ba9c83bf65c8a5656c31ab54f6252329 (patch)
tree: 34e23fa96dac76169311bd732b920c8c2b0849ff /example/reader_util.c
parent: 94eee66a7b49a32ff482ecee77fa7bb8534c5772 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 94aafca2f..1c20bbf4c 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1700,6 +1700,9 @@ ether_type_check:
     iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset];
     proto = iph6->ip6_hdr.ip6_un1_nxt;
     ip_len = ntohs(iph6->ip6_hdr.ip6_un1_plen);
+    if (header->caplen < ip_offset + sizeof(struct ndpi_ipv6hdr + ntohs(iph_v6->ip6_hdr.ip6_un1_plen))
+      return(nproto); /* Too short for IPv6 payload*/
+
 
     const u_int8_t *l4ptr = (((const u_int8_t *) iph6) + sizeof(struct ndpi_ipv6hdr));
     if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &proto) != 0) {
author	Philippe Antoine <contact@catenacyber.fr>	2020-04-17 22:21:03 +0200
committer	Philippe Antoine <contact@catenacyber.fr>	2020-04-17 22:21:03 +0200
commit	da0889d3ba9c83bf65c8a5656c31ab54f6252329 (patch)
tree	34e23fa96dac76169311bd732b920c8c2b0849ff /example/reader_util.c
parent	94eee66a7b49a32ff482ecee77fa7bb8534c5772 (diff)