Fixed QUIC crash

author: theirix <theirix@gmail.com> 2016-08-07 22:36:36 +0300
committer: theirix <theirix@gmail.com> 2016-08-07 22:37:36 +0300
commit: 49810055721ee981527ac1b65e0e37dd32eade85 (patch)
tree: 281cb799bc6a6fbe24dcfa4afaada42b2a4087af /src/lib/protocols/quic.c
parent: 9e207f7f24fd693c8d5a095db43dd7077e9fc903 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 6e1ad77cc..8050a9b61 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -82,7 +82,8 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
     NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n");
     ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN);
 
-    if(!strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) {
+    if(udp_len > quic_hlen + 17 + 4 &&
+         !strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) {
       /* Check if SNI (Server Name Identification) is present */
       for(i=quic_hlen+12; i<udp_len-3; i++) {
 	if((packet->payload[i] == 'S')
@@ -94,7 +95,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 	  int len = offset-prev_offset;
 	  int sni_offset = i+prev_offset+1;
 
-	  while((packet->payload[sni_offset] == '-') && (sni_offset < udp_len))
+	  while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-'))
 	    sni_offset++;
 
 	  if((sni_offset+len) < udp_len) {
author	theirix <theirix@gmail.com>	2016-08-07 22:36:36 +0300
committer	theirix <theirix@gmail.com>	2016-08-07 22:37:36 +0300
commit	49810055721ee981527ac1b65e0e37dd32eade85 (patch)
tree	281cb799bc6a6fbe24dcfa4afaada42b2a4087af /src/lib/protocols/quic.c
parent	9e207f7f24fd693c8d5a095db43dd7077e9fc903 (diff)