Added check for preventing TLS misbehavior

author: Luca Deri <deri@ntop.org> 2020-01-09 17:14:37 +0100
committer: Luca Deri <deri@ntop.org> 2020-01-09 17:14:37 +0100
commit: 5987ec6014d4006a314f5680ca7b667800db28d2 (patch)
tree: de82a416d47f6f8750d0d7aa2819c968321d1eb2 /src/lib/protocols/tls.c
parent: 757b0c602fbae0de358988efadf2f3c263b72b46 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b0e192baa..08ce81edd 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -569,10 +569,13 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
     packet->payload = p, packet->payload_packet_len = p_len; /* Restore */
     flow->l4.tcp.tls.message.buffer_used -= len;
 
-    memmove(flow->l4.tcp.tls.message.buffer,
-	    &flow->l4.tcp.tls.message.buffer[len],
-	    flow->l4.tcp.tls.message.buffer_used);
-
+    if(flow->l4.tcp.tls.message.buffer_used > 0)
+      memmove(flow->l4.tcp.tls.message.buffer,
+	      &flow->l4.tcp.tls.message.buffer[len],
+	      flow->l4.tcp.tls.message.buffer_used);
+    else
+      break;
+	
 #ifdef DEBUG_TLS_MEMORY
     printf("[TLS Mem] Left memory buffer %u bytes\n", flow->l4.tcp.tls.message.buffer_used);
 #endif
author	Luca Deri <deri@ntop.org>	2020-01-09 17:14:37 +0100
committer	Luca Deri <deri@ntop.org>	2020-01-09 17:14:37 +0100
commit	5987ec6014d4006a314f5680ca7b667800db28d2 (patch)
tree	de82a416d47f6f8750d0d7aa2819c968321d1eb2 /src/lib/protocols/tls.c
parent	757b0c602fbae0de358988efadf2f3c263b72b46 (diff)