authorPhilippe Antoine <contact@catenacyber.fr>2020-05-10 15:04:23 +0200
committerPhilippe Antoine <contact@catenacyber.fr>2020-05-10 15:04:23 +0200
commitb69177be2fbe01c2442239a61832c44e40136c05 (patch)
tree7e6364f628468559f640a423367a6170a1310112 /src/lib/protocols/oracle.c
parent39ae57e6a3d93cb91def5d76fc54e89075f01867 (diff)
Adds bound check in oracle protocol
Found by oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
Diffstat (limited to 'src/lib/protocols/oracle.c')
-rw-r--r--src/lib/protocols/oracle.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c
index 6ad6bac4c..a24837a68 100644
--- a/src/lib/protocols/oracle.c
+++ b/src/lib/protocols/oracle.c
@@ -43,7 +43,7 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG_DBG2(ndpi_struct, "calculating ORACLE over tcp\n");
/* Oracle Database 9g,10g,11g */
if ((dport == 1521 || sport == 1521)
- && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
+ && (((packet->payload_packet_len >= 3 && packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
|| ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01))
&& (packet->payload[1] != 0x00)
&& (packet->payload[2] == 0x00)
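Review bot: The new length guard on the added line is parenthesised together with the `payload[0] == 0x07` comparison, so it reads as if it covered only that byte; the reads of `payload[1]` and `payload[2]` are in bounds only because `&&` short-circuits. Writing the guard as its own clause, as the second alternative already does with `(packet->payload_packet_len >= 232)`, makes the bound explicit: `&& (((packet->payload_packet_len >= 3) && (packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))`. The `if` condition and the rest of ndpi_search_oracle continue outside the hunk, so any payload indexing further down cannot be checked from here; it should be compared against `payload_packet_len` in the same way, since this dissector parses untrusted packet bytes.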