Merge pull request #856 from catenacyber/fuzzfix5

Fuzzfix5
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-03-12 18:13:30 +0100
committer: GitHub <noreply@github.com> 2020-03-12 18:13:30 +0100
commit: 70ee793ff3dac24af0d0526cc40ff3639fa3feed (patch)
tree: 98d9edf7d15895b694f4752615c5aee617df9945 /src/lib/protocols/capwap.c
parent: 1e933e8b026f6f88f27d64ec2260013f38d268d0 (diff)
parent: 7806eb5f5b02fd78de1db20caeebc56088ebec3e (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c
index bfad1a593..33b20fcab 100644
--- a/src/lib/protocols/capwap.c
+++ b/src/lib/protocols/capwap.c
@@ -66,10 +66,12 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s
     else
       offset = 15, to_add = 17;
 
-    msg_len = ntohs(*(u_int16_t*)&packet->payload[offset]);
+    if (packet->payload_packet_len >= offset + sizeof(u_int16_t)) {
+      msg_len = ntohs(*(u_int16_t*)&packet->payload[offset]);
 
-    if((msg_len+to_add) == packet->payload_packet_len)
-      goto capwap_found;
+      if((msg_len+to_add) == packet->payload_packet_len)
+        goto capwap_found;
+    }
   }
   
   if(
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-03-12 18:13:30 +0100
committer	GitHub <noreply@github.com>	2020-03-12 18:13:30 +0100
commit	70ee793ff3dac24af0d0526cc40ff3639fa3feed (patch)
tree	98d9edf7d15895b694f4752615c5aee617df9945 /src/lib/protocols/capwap.c
parent	1e933e8b026f6f88f27d64ec2260013f38d268d0 (diff)
parent	7806eb5f5b02fd78de1db20caeebc56088ebec3e (diff)