authorLuca Deri <lucaderi@users.noreply.github.com>2020-04-15 18:05:16 +0200
committerGitHub <noreply@github.com>2020-04-15 18:05:16 +0200
commitf4c24663fc651904e325aa944bf5a30def726c6a (patch)
treeb890107aba3e3b0f2f27694f3a808ce9cc0ebc8b /src/lib/protocols
parent9f2dabbda469ca3853f3bb7191e74b3f4d47b48c (diff)
parent4f370fe7c49cb38125cff2a1411261011e433c94 (diff)
Merge pull request #874 from catenacyber/fuzz6fix
Fuzz6fix
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/irc.c2
-rw-r--r--src/lib/protocols/netbios.c3
-rw-r--r--src/lib/protocols/postgres.c4
-rw-r--r--src/lib/protocols/quic.c2
-rw-r--r--src/lib/protocols/tls.c4
5 files changed, 8 insertions, 7 deletions
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index ed86aed42..2ebb929fa 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -677,7 +677,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
if (memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0
|| (memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0)
|| (memcmp(&packet->line[i].ptr[j], "chat", 4) == 0)
- || (memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0)
+ || (j+7 < packet->line[i].len && memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0)
|| (memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) {
NDPI_LOG_DBG2(ndpi_struct, "found CHAT,chat,sslchat,TSEND.");
j += 4;
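Review bot: The added guard `j+7 < packet->line[i].len` covers only the 7-byte "sslchat" comparison; the 4- and 5-byte memcmp calls in the same condition have no bound in the visible lines and presumably rely on the enclosing loop condition, which is outside this hunk. The guard is also one byte stricter than a 7-byte read at offset j needs, so a line ending exactly in "sslchat" no longer matches; `j+7 <= packet->line[i].len` would be sufficient. Once the loop bound is confirmed, a comment such as `/* loop bound covers the 5-byte compares; sslchat needs 7 */` would record why only this branch carries its own check.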
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index a53a2bfe1..fa47cc4a0 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -80,7 +80,8 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct
char name[64];
u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14;
- if(ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], flow->packet.payload_packet_len - off, name, sizeof(name)) > 0)
+ if(off > flow->packet.payload_packet_len &&
+ ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], flow->packet.payload_packet_len - off, name, sizeof(name)) > 0)
snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
if(sub_protocol == NDPI_PROTOCOL_UNKNOWN)
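Review bot: The new condition `off > flow->packet.payload_packet_len` looks inverted. As written, ndpi_netbios_name_interpret() is called only when the offset already lies past the end of the payload, and `flow->packet.payload_packet_len - off` then underflows to a large length. For well-formed packets the name is never extracted, so host_server_name stays unset. The guard should read `if(off < flow->packet.payload_packet_len &&`. Separately, `flow->packet.payload[12]` is read on the line above before any length check visible in this hunk; the function's earlier lines are outside the hunk, so confirm the caller guarantees at least 13 bytes.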
diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c
index b6fa74473..a51fabaab 100644
--- a/src/lib/protocols/postgres.c
+++ b/src/lib/protocols/postgres.c
@@ -97,7 +97,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
return;
}
size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1;
- if (packet->payload[size - 1] == 'S') {
+ if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) {
NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
ndpi_int_postgres_add_connection(ndpi_struct, flow);
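Review bot: The added bound protects `packet->payload[size - 1]`, but the following `get_u_int32_t(packet->payload, (size + 1))` still reads four bytes at `size + 1` with no check that they lie inside the payload. The same unguarded read sits in the next hunk at `size += get_u_int32_t(packet->payload, (size + 1)) + 1;`, which runs before the new condition there. Extending the first guard to `size > 0 && size + 5 <= packet->payload_packet_len && packet->payload[size - 1] == 'S'` would cover the inner read, and the second read needs an equivalent check ahead of it. The declaration of `size` is outside the hunk; if it is 16-bit, the `+=` in the second hunk can also wrap, which `size > 0` catches only when the result is exactly zero.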
@@ -105,7 +105,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
}
}
size += get_u_int32_t(packet->payload, (size + 1)) + 1;
- if (packet->payload[size - 1] == 'S') {
+ if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
ndpi_int_postgres_add_connection(ndpi_struct, flow);
return;
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index be746550b..a7873685c 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -130,7 +130,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-'))
sni_offset++;
- if((sni_offset+len) < udp_len) {
+ if(len > 0 && (sni_offset+len) < udp_len) {
int max_len = sizeof(flow->host_server_name)-1, j = 0;
ndpi_protocol_match_result ret_match;
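Review bot: The check `(sni_offset+len) < udp_len` adds two packet-derived values before comparing, so if `len` is a wide unsigned type the sum can wrap and pass the test; `len > 0` does not rule that out. The declarations of `len`, `sni_offset` and `udp_len` are outside this hunk, so this is to be confirmed against their types. The subtraction form `if(len > 0 && sni_offset < udp_len && len < udp_len - sni_offset) {` avoids the addition altogether. The copy that uses `max_len` continues past the end of the hunk.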
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 77d69a6fe..560e483ac 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1069,7 +1069,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
s_offset += 2;
tot_alpn_len += s_offset;
- while(s_offset < tot_alpn_len) {
+ while(s_offset < tot_alpn_len && s_offset < total_len) {
u_int8_t alpn_i, alpn_len = packet->payload[s_offset++];
if((s_offset + alpn_len) <= tot_alpn_len) {
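Review bot: The new `s_offset < total_len` term bounds only the read of the length byte at `packet->payload[s_offset++]`. The body then validates each entry with `(s_offset + alpn_len) <= tot_alpn_len`, which compares against the length declared in the packet rather than against `total_len`. If `tot_alpn_len` exceeds `total_len`, the per-entry reads (in the part of the loop outside this hunk) could still run past the buffer. Clamping once before the loop, `if(tot_alpn_len > total_len) tot_alpn_len = total_len;`, would make both checks agree and let the loop condition stay as it was.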
@@ -1105,7 +1105,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t version_len = packet->payload[s_offset];
char version_str[256];
u_int8_t version_str_len = 0;
-
+ version_str[0] = 0;
#ifdef DEBUG_TLS
printf("Client SSL [TLS version len: %u]\n", version_len);
#endif