Enhanced string boundary check to avoid crashes with malformed packets

author: Luca Deri <deri@ntop.org> 2016-06-14 20:25:23 +0200
committer: Luca Deri <deri@ntop.org> 2016-06-14 20:25:23 +0200
commit: 6c83cd627f13649a62dc9d5821fb5a0397951b81 (patch)
tree: e57f4b365b052107d2b202fa5af485a9fd5f61e2 /src/lib/protocols/dns.c
parent: ed09d78ed9a9b52dc655559c9019e929c7967f39 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 4c7f315c3..f95ebbc36 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -185,15 +185,17 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
       }
 
       /* extract host name server */
-      int j = 0, off = sizeof(struct ndpi_dns_packet_header) + 1;
+      int j = 0, max_len = sizeof(flow->host_server_name)-1, off = sizeof(struct ndpi_dns_packet_header) + 1;
 
       while(flow->packet.payload[off] != '\0' && off < flow->packet.payload_packet_len) {
 	flow->host_server_name[j] = flow->packet.payload[off];
-	if(j < strlen((char*)flow->host_server_name)) {
+	if(j < max_len) {
 	  if(flow->host_server_name[j] < ' ')
 	    flow->host_server_name[j] = '.';
 	  j++;
-	}
+	} else
+	  break;
+
 	off++;
       }
       flow->host_server_name[j] = '\0';
author	Luca Deri <deri@ntop.org>	2016-06-14 20:25:23 +0200
committer	Luca Deri <deri@ntop.org>	2016-06-14 20:25:23 +0200
commit	6c83cd627f13649a62dc9d5821fb5a0397951b81 (patch)
tree	e57f4b365b052107d2b202fa5af485a9fd5f61e2 /src/lib/protocols/dns.c
parent	ed09d78ed9a9b52dc655559c9019e929c7967f39 (diff)