Fix leaks and sha1 certificate detection

author: emanuele-f <faranda@ntop.org> 2020-01-02 14:39:51 +0100
committer: emanuele-f <faranda@ntop.org> 2020-01-02 14:39:51 +0100
commit: 798bb6e2e113f10d9b710179553e4cef23222a61 (patch)
tree: e200ef28aca2890291a3a3657a7c1ee3bf20596f /src/lib/protocols/tls.c
parent: 2332cbfefec9a64c77e5c30530f0e397a1388470 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 88bfa7590..655de7e2f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -394,7 +394,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 		flow->protos.stun_ssl.ssl.server_names = newstr;
 		flow->protos.stun_ssl.ssl.server_names[flow->protos.stun_ssl.ssl.server_names_len] = ',';
 		strncpy(&flow->protos.stun_ssl.ssl.server_names[flow->protos.stun_ssl.ssl.server_names_len+1],
-			dNSName, dNSName_len-1);
+			dNSName, dNSName_len+1);
 		flow->protos.stun_ssl.ssl.server_names[newstr_len] = '\0';
 		flow->protos.stun_ssl.ssl.server_names_len = newstr_len;
 	      }
@@ -581,7 +581,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
     /* Split the element in blocks */
     u_int16_t processed = 5;
       
-    while(processed < len) {
+    while((processed+4) < len) {
       const u_int8_t *block = (const u_int8_t *)&flow->l4.tcp.tls.message.buffer[processed];
       u_int16_t block_len   = (block[1] << 16) + (block[2] << 8) + block[3];
author	emanuele-f <faranda@ntop.org>	2020-01-02 14:39:51 +0100
committer	emanuele-f <faranda@ntop.org>	2020-01-02 14:39:51 +0100
commit	798bb6e2e113f10d9b710179553e4cef23222a61 (patch)
tree	e200ef28aca2890291a3a3657a7c1ee3bf20596f /src/lib/protocols/tls.c
parent	2332cbfefec9a64c77e5c30530f0e397a1388470 (diff)