Additional memory bounds checks

2 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index 5ae0e34f7..37cfbe1ed 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -495,7 +495,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
 	  packet->parsed_lines = 0;
 	}
 	for (i = 0; i < packet->parsed_lines; i++) {
-	  if (packet->line[i].ptr[0] == ':') {
+	  if ((packet->line[i].len > 0) && packet->line[i].ptr[0] == ':') {
 	    flow->l4.tcp.irc_3a_counter++;
 	    if (flow->l4.tcp.irc_3a_counter == 7) {	/* ':' == 0x3a */
 	      NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times.");
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 2f4959b81..ed92814d9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -874,7 +874,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
       return(0); /* That's all */
   } else if(flow->l4.tcp.tls_seen_certificate)
     return(0); /* That's all */  
-  else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) {
+  else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7+1/* +1 because we are going to read 2 bytes */) {
     /* This is a handshake but not a certificate record */
     u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]);