Fixed heap overflow caused by missing lengthcheck in 802.11 LLC header parsing.

* triggered by fuzz traces from wireshark Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2020-07-10 00:12:27 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2020-07-11 13:10:03 +0200
commit: 96c193cf795fbe7b55f8633404884099fcdc0d80 (patch)
tree: 3d571525efd3d37418994d712c1a2d9393d6ad61 /example/reader_util.c
parent: 12abcd516b468f6e0070308fa57052b93aa3a3ca (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 55dc0c667..9ad70ea53 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1686,6 +1686,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
       break;
 
     /* Check ether_type from LLC */
+    if(header->caplen < (eth_offset + wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap)))
+      return(nproto);
     llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len);
     if(llc->dsap == SNAP)
       type = ntohs(llc->snap.proto_ID);
author	Toni Uhlig <matzeton@googlemail.com>	2020-07-10 00:12:27 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2020-07-11 13:10:03 +0200
commit	96c193cf795fbe7b55f8633404884099fcdc0d80 (patch)
tree	3d571525efd3d37418994d712c1a2d9393d6ad61 /example/reader_util.c
parent	12abcd516b468f6e0070308fa57052b93aa3a3ca (diff)