diff options
| author | emanuele-f <faranda@ntop.org> | 2020-02-13 10:46:30 +0100 |
|---|---|---|
| committer | emanuele-f <faranda@ntop.org> | 2020-02-13 10:46:30 +0100 |
| commit | d4ae8a5f164167ef4fcf5b76b743e92b9e76d9dd (patch) | |
| tree | c6887a16ba4c4579cbf5fc0492e97cad001a0a56 /src/lib/protocols/mail_smtp.c | |
| parent | 7234f369499e02f44efcbbf0efe43bae596ddc53 (diff) | |
Fix memory invalid access in SMTP and leaks in TLS
Diffstat (limited to 'src/lib/protocols/mail_smtp.c')
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 045601f78..0b4c47be8 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -143,7 +143,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_char *out; size_t out_len; - ndpi_user_pwd_payload_copy(buf, sizeof(buf)-1, 0, + ndpi_user_pwd_payload_copy(buf, sizeof(buf), 0, packet->line[a].ptr, packet->line[a].len); #ifdef SMTP_DEBUG @@ -176,8 +176,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, out = ndpi_base64_decode((const u_char*)buf, (size_t)strlen((const char*)buf), &out_len); if(out) { - snprintf(flow->protos.ftp_imap_pop_smtp.password, - sizeof(flow->protos.ftp_imap_pop_smtp.password), "%s", out); + size_t len = ndpi_min(out_len, sizeof(flow->protos.ftp_imap_pop_smtp.password) - 1); + + memcpy(flow->protos.ftp_imap_pop_smtp.password, out, len); + flow->protos.ftp_imap_pop_smtp.password[len] = '\0'; + ndpi_free(out); } } else { |