Added packet boundary checks

author: Luca Deri <deri@ntop.org> 2020-01-05 20:58:16 +0100
committer: Luca Deri <deri@ntop.org> 2020-01-05 20:58:16 +0100
commit: 53a5be3399aade39588ffbf2d4f725dc2697a6ec (patch)
tree: 7e1d21d05a9732d245d62298387bb4351e999ec1 /src/lib/protocols
parent: f389969c0b860961deaec4ee6e200246ca0f6482 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index e87262e87..a687f8916 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -780,6 +780,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 	  offset += session_id_len+1;
       }
 
+      if((offset+3) > packet->payload_packet_len)
+	return(0); /* Not found */
+
       ja3.num_cipher = 1, ja3.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset]));
       flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0]);
       flow->protos.stun_ssl.ssl.server_cipher = ja3.cipher[0];
@@ -873,7 +876,10 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #endif      
     } else if(handshake_type == 0x01 /* Client Hello */) {
       u_int16_t cipher_len, cipher_offset;
-      
+
+      if((session_id_len+base_offset+3) > packet->payload_packet_len)
+	return(0); /* Not found */
+
       if(packet->tcp) {
 	cipher_len = packet->payload[session_id_len+base_offset+2] + (packet->payload[session_id_len+base_offset+1] << 8);
 	cipher_offset = base_offset + session_id_len + 3;
author	Luca Deri <deri@ntop.org>	2020-01-05 20:58:16 +0100
committer	Luca Deri <deri@ntop.org>	2020-01-05 20:58:16 +0100
commit	53a5be3399aade39588ffbf2d4f725dc2697a6ec (patch)
tree	7e1d21d05a9732d245d62298387bb4351e999ec1 /src/lib/protocols
parent	f389969c0b860961deaec4ee6e200246ca0f6482 (diff)