diff options
| author | emanuele-f <faranda@ntop.org> | 2019-12-04 18:34:08 +0100 |
|---|---|---|
| committer | emanuele-f <faranda@ntop.org> | 2019-12-04 18:34:08 +0100 |
| commit | 226a9abf2235fd9e87353ffe727babad71fb7274 (patch) | |
| tree | 2bd41b665a744ac14653d0b6f795b2aeb74723b4 /src/lib/protocols/tls.c | |
| parent | f26096ee4cf730244b3db577259f84b0cd37e521 (diff) | |
Additional memory bounds checks
Diffstat (limited to 'src/lib/protocols/tls.c')
| -rw-r--r-- | src/lib/protocols/tls.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 2f4959b81..ed92814d9 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -874,7 +874,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct return(0); /* That's all */ } else if(flow->l4.tcp.tls_seen_certificate) return(0); /* That's all */ - else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) { + else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7+1/* +1 because we are going to read 2 bytes */) { /* This is a handshake but not a certificate record */ u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]); |