diff options
author | emanuele-f <black.silver@hotmail.it> | 2019-10-04 14:35:31 +0200 |
---|---|---|
committer | emanuele-f <black.silver@hotmail.it> | 2019-10-04 14:35:51 +0200 |
commit | 4bdbf02c2d5eb871dca4ec620bb66fcc16a74af1 (patch) | |
tree | 83025a19fefb32d47c9d8f365fb0eb938af27737 /src/lib/protocols/tls.c | |
parent | f83b2a0940cf86ee07305e970b9650efbfa4eb00 (diff) |
Fix invalid memory accesses
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r-- | src/lib/protocols/tls.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index f621c2be3..cb4f7ac05 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -786,7 +786,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct #endif return(1); /* More packets please */ } - } + } + + if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) { + /* Avoid invalid memory accesses */ + return(1); + } if(packet->payload[flow->l4.tcp.tls_record_offset] == 0x15 /* Alert */) { u_int len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+3]) + 5 /* SSL header len */; @@ -833,7 +838,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct return(0); /* That's all */ } else if(flow->l4.tcp.tls_seen_certificate) return(0); /* That's all */ - else { + else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) { /* This is a handshake but not a certificate record */ u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]); |