Hardening fixes for packer parsing

author: Luca Deri <deri@ntop.org> 2019-05-03 18:08:12 +0200
committer: Luca Deri <deri@ntop.org> 2019-05-03 18:08:12 +0200
commit: e99a0abfba3dff52a00935bed6e08051e2fa4b61 (patch)
tree: fcc6abcd922cda1b7446f046e38c783878d3174b /src/lib/protocols
parent: 361ab030bc59d00cc55ed12b15340ac50473e8cb (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index f7fbd337c..fdc47d15c 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -58,13 +58,16 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct
 	
   NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n");
 
-  if (packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) {
+  if((packet->payload_packet_len > 2)
+      && (packet->parsed_lines <  NDPI_MAX_PARSE_LINES_PER_PACKET)
+      && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)
+      ) {
     u_int8_t a;
     u_int8_t bit_count = 0;
 
     NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow,packet);
-    for (a = 0; a < packet->parsed_lines; a++) {
 
+    for (a = 0; a < packet->parsed_lines; a++) {
       // expected server responses
       if (packet->line[a].len >= 3) {
 	if (memcmp(packet->line[a].ptr, "220", 3) == 0) {
author	Luca Deri <deri@ntop.org>	2019-05-03 18:08:12 +0200
committer	Luca Deri <deri@ntop.org>	2019-05-03 18:08:12 +0200
commit	e99a0abfba3dff52a00935bed6e08051e2fa4b61 (patch)
tree	fcc6abcd922cda1b7446f046e38c783878d3174b /src/lib/protocols
parent	361ab030bc59d00cc55ed12b15340ac50473e8cb (diff)