Update radius.c to RFC2865

According to RFC2865 code can have value up to 13, also payload length ranges should be applied.

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index 1c85f48d7..209e71177 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -39,10 +39,13 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct,
 
   if(packet->udp != NULL) {
     struct radius_header *h = (struct radius_header*)packet->payload;
+    /* RFC2865: The minimum length is 20 and maximum length is 4096. */
+    if((payload_len < 20) || (payload_len > 4096))
+	return;
 
     if((payload_len > sizeof(struct radius_header))
        && (h->code > 0)
-       && (h->code <= 5)
+       && (h->code <= 13)
        && (ntohs(h->len) == payload_len)) {
       NDPI_LOG_INFO(ndpi_struct, "Found radius\n");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_PROTOCOL_UNKNOWN);