| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-06-10 11:06:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-10 11:06:17 +0200 |
| commit | aee2c81f76842c6968e98f343adb46082eb3fb85 (patch) | |
| tree | 10913705041145c001fda7eba1fc130398756294 /src/lib/protocols | |
| parent | b90d39c4ac039464798a323ef96dc92262504852 (diff) | |
Zoom: fix integer overflow (#2469)
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==29508==ERROR: AddressSanitizer: SEGV on unknown address 0x50710145d51d (pc 0x55cb788f25fe bp 0x7ffcfefa15f0 sp 0x7ffcfefa1240 T0)
==29508==The signal is caused by a READ memory access.
#0 0x55cb788f25fe in ndpi_search_zoom /home/ivan/svnrepos/nDPI/src/lib/protocols/zoom.c:210:24
#1 0x55cb787e9418 in check_ndpi_detection_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7174:6
#2 0x55cb7883f753 in check_ndpi_udp_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7209:10
#3 0x55cb7883bc9d in ndpi_check_flow_func /home/ivan/svnrepos/nDPI/src/lib/ndpi_main.c:7240:12
```
Found by oss-fuzzer
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69520
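The bug class behind this commit, shown as an added example that is not nDPI's code: when two 32-bit lengths taken from the packet are added in 32-bit arithmetic, the sum can wrap to a small value and pass a "does it fit in the payload" check, after which the parser reads past the buffer. The packet layout below (a 36-byte header whose last 8 bytes are little-endian `ip_len` and `uuid_len`), the field offsets and the function names are assumptions made up for the demonstration; the real Zoom P2P layout and the check at zoom.c:210 are not visible on this page. The block shows the wrapping 32-bit check, the widened 64-bit check the commit switches to, and a third form that stays 32-bit but cannot overflow.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed layout for this example (NOT nDPI's Zoom P2P format):
 * a 36-byte header whose last 8 bytes are a little-endian ip_len and
 * uuid_len, followed by ip_len bytes of address data and uuid_len bytes
 * of UUID data. All three constants are assumptions. */
#define HDR_LEN      36u
#define IP_LEN_OFF   28u
#define UUID_LEN_OFF 32u
#define PKT_LEN      100u

static uint32_t rd_le32(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
         ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
  p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Buggy form: the sum is evaluated in 32 bits, so a huge ip_len plus a
 * small uuid_len wraps and appears to fit inside payload_len. */
int fits_u32(uint32_t payload_len, uint32_t ip_len, uint32_t uuid_len) {
  uint32_t needed = HDR_LEN + ip_len + uuid_len;   /* may wrap */
  return needed <= payload_len;
}

/* Widened form, the approach the commit takes: two 32-bit values plus a
 * small constant cannot overflow a 64-bit accumulator. */
int fits_u64(uint32_t payload_len, uint32_t ip_len, uint32_t uuid_len) {
  uint64_t needed = (uint64_t)HDR_LEN + ip_len + uuid_len;
  return needed <= payload_len;
}

/* Equivalent without widening: bound each length against the payload
 * that is still unclaimed before consuming it, so no addition occurs. */
int fits_subtract(uint32_t payload_len, uint32_t ip_len, uint32_t uuid_len) {
  uint32_t remaining;
  if(payload_len < HDR_LEN) return 0;
  remaining = payload_len - HDR_LEN;
  if(ip_len > remaining) return 0;
  remaining -= ip_len;
  return uuid_len <= remaining;
}

/* Parse both length fields and return the offset of the UUID bytes, or
 * -1 when they do not fit. Uses the overflow-safe check. */
long uuid_offset(const uint8_t *payload, uint32_t payload_len) {
  uint32_t ip_len, uuid_len;
  if(payload_len < HDR_LEN) return -1;
  ip_len   = rd_le32(payload + IP_LEN_OFF);
  uuid_len = rd_le32(payload + UUID_LEN_OFF);
  if(!fits_subtract(payload_len, ip_len, uuid_len)) return -1;
  return (long)(HDR_LEN + ip_len);
}

/* Constructed 100-byte packet: ip_len = 0xFFFFFFF0, uuid_len = 0x20.
 * In 32-bit arithmetic 36 + 0xFFFFFFF0 + 0x20 wraps to 52, which is
 * <= 100, so the buggy check accepts it. */
static void build_evil(uint8_t *pkt) {
  memset(pkt, 0, PKT_LEN);
  wr_le32(pkt + IP_LEN_OFF, 0xFFFFFFF0u);
  wr_le32(pkt + UUID_LEN_OFF, 0x20u);
}

int demo_evil_32bit_check(void) {          /* returns 1: accepted */
  uint8_t pkt[PKT_LEN];
  build_evil(pkt);
  return fits_u32(PKT_LEN, rd_le32(pkt + IP_LEN_OFF), rd_le32(pkt + UUID_LEN_OFF));
}

long demo_evil_uuid_offset(void) {         /* returns -1: rejected */
  uint8_t pkt[PKT_LEN];
  build_evil(pkt);
  return uuid_offset(pkt, PKT_LEN);
}

long demo_benign_uuid_offset(void) {       /* 36 + 16 + 36 = 88 <= 100 */
  uint8_t pkt[PKT_LEN];
  memset(pkt, 0, PKT_LEN);
  wr_le32(pkt + IP_LEN_OFF, 16u);
  wr_le32(pkt + UUID_LEN_OFF, 36u);
  return uuid_offset(pkt, PKT_LEN);        /* returns 52 */
}

int main(void) {
  printf("32-bit check on crafted packet: %d (1 = wrongly accepted)\n", demo_evil_32bit_check());
  printf("safe parse of crafted packet:   %ld (-1 = rejected)\n", demo_evil_uuid_offset());
  printf("safe parse of benign packet:    %ld\n", demo_benign_uuid_offset());
  return 0;
}
```

Widening works here because a 64-bit accumulator cannot be wrapped by two 32-bit operands, but it only protects the expression that is actually evaluated in 64 bits; the subtract-before-consume form is the one to prefer when the variables are later narrowed or passed to helpers that take 32-bit offsets.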
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/zoom.c | 2 |
1 file changed, 1 insertion, 1 deletion
diff --git a/src/lib/protocols/zoom.c b/src/lib/protocols/zoom.c index 4ffad391a..4ec16353f 100644 --- a/src/lib/protocols/zoom.c +++ b/src/lib/protocols/zoom.c @@ -184,7 +184,7 @@ static void ndpi_search_zoom(struct ndpi_detection_module_struct *ndpi_struct, } else if(packet->payload_packet_len > 36 && memcmp(packet->payload, tomatch_p2p, 3) == 0 && *(u_int32_t *)&packet->payload[packet->payload_packet_len - 4] == 0) { - u_int32_t ip_len, uuid_len; + u_int64_t ip_len, uuid_len; /* Check if it is a Peer-To-Peer call. We have been identifing such flows using the "stun_zoom" LRU cache; let's |
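Review bot: widening `ip_len` and `uuid_len` to `u_int64_t` stops their sum from wrapping, but the hunk shows neither where the two values are read from the payload nor the comparison at zoom.c:210 that the ASan trace points at, so the fix silently depends on every later use of these variables also being evaluated in 64 bits. Please confirm that the bounds check compares the full `header + ip_len + uuid_len` against `packet->payload_packet_len` before either value is used as an offset, and that neither is narrowed back to `u_int32_t` when passed to a helper; a form that does not depend on the variable width is to bound each length against the payload still unclaimed before adding it (`if(ip_len > remaining) return;` then `remaining -= ip_len;`). A smaller point in the unchanged context: `*(u_int32_t *)&packet->payload[packet->payload_packet_len - 4]` is a potentially unaligned 4-byte read, since nothing guarantees `payload_packet_len - 4` is a multiple of four; a `memcpy` into a local `u_int32_t` avoids that on strict-alignment targets.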