Merge pull request #859 from catenacyber/fuzzudpfix

Checks enough data for UDP header
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-03-20 18:02:27 +0100
committer: GitHub <noreply@github.com> 2020-03-20 18:02:27 +0100
commit: a845e997209b987ef85a2562697d4d0522cb0c66 (patch)
tree: 04a9b505c8af0b5f4d8c32a774edfaf9936fbd1c /src/lib/protocols/tls.c
parent: 8cda02bb14bad44ae71317b322d895305245e713 (diff)
parent: 3e259aac986bc86aa89adc2994811bb6f26a0649 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 8c351053a..d32584b05 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -735,7 +735,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
     u_int16_t base_offset    = packet->tcp ? 38 : 46;
     u_int16_t version_offset = packet->tcp ? 4 : 12;
     u_int16_t offset = 38, extension_len, j;
-    u_int8_t  session_id_len =  packet->tcp ? packet->payload[offset] : packet->payload[46];
+    u_int8_t  session_id_len =  0;
+    if (base_offset < total_len)
+      session_id_len = packet->payload[base_offset];
 
 #ifdef DEBUG_TLS
     printf("SSL [len: %u][handshake_type: %02X]\n", packet->payload_packet_len, handshake_type);
@@ -1134,10 +1136,10 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 			version_str_len += rc;
 		    }
 		  }
-		}
-
 		if(flow->protos.stun_ssl.ssl.tls_supported_versions == NULL)
 		  flow->protos.stun_ssl.ssl.tls_supported_versions = ndpi_strdup(version_str);
+		}
+
 	      }
 	      
 	      extension_offset += extension_len;
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-03-20 18:02:27 +0100
committer	GitHub <noreply@github.com>	2020-03-20 18:02:27 +0100
commit	a845e997209b987ef85a2562697d4d0522cb0c66 (patch)
tree	04a9b505c8af0b5f4d8c32a774edfaf9936fbd1c /src/lib/protocols/tls.c
parent	8cda02bb14bad44ae71317b322d895305245e713 (diff)
parent	3e259aac986bc86aa89adc2994811bb6f26a0649 (diff)