TLS: ignore invalid Content Type values

author: Nardi Ivan <nardi.ivan@gmail.com> 2022-01-09 16:53:00 +0100
committer: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2022-07-07 15:36:05 +0200
commit: a31e79fc3c728acb01f03547197cccb95aa2265a (patch)
tree: 49f5de58c6468a9adbf758109d7df39c3eb9175f /src/lib/protocols/tls.c
parent: 15042870f94d19d824e5f80c6274690711f72ef7 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 69bec44f5..00f1069bc 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -919,6 +919,14 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 
   ndpi_search_tls_tcp_memory(ndpi_struct, flow);
 
+  /* Valid TLS Content Types:
+     https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5 */
+  if(!(flow->l4.tcp.tls.message.buffer[0] >= 20 &&
+       flow->l4.tcp.tls.message.buffer[0] <= 26)) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    something_went_wrong = 1;
+  }
+
   while(!something_went_wrong) {
     u_int16_t len, p_len;
     const u_int8_t *p;
author	Nardi Ivan <nardi.ivan@gmail.com>	2022-01-09 16:53:00 +0100
committer	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2022-07-07 15:36:05 +0200
commit	a31e79fc3c728acb01f03547197cccb95aa2265a (patch)
tree	49f5de58c6468a9adbf758109d7df39c3eb9175f /src/lib/protocols/tls.c
parent	15042870f94d19d824e5f80c6274690711f72ef7 (diff)