author | Luca Deri <deri@ntop.org> | 2020-09-26 12:33:57 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2020-09-26 12:33:57 +0200 |
commit | 58538b7d19f35e8b8c5e33d83dd3655d24d66476 (patch) | |
tree | dec2b5bd38d41c7efdaf964cf42a46e7a2e635e2 /src/lib | |
parent | d0dbcf6dd69bd714ec5cabf0eaafa494036097ad (diff) |
Added extra boundary checks
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/protocols/soulseek.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c
index 7ff299070..ce7db539a 100644
--- a/src/lib/protocols/soulseek.c
+++ b/src/lib/protocols/soulseek.c
@@ -121,11 +121,17 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 }
 index += get_l32(packet->payload, index) + 4;
- }
- if(index + get_l32(packet->payload, index) == packet->payload_packet_len - 4 && !get_u_int16_t(packet->payload, 10)) {
+ } /* while */
+
+ if((packet->payload_packet_len >= (index+4))
+ && (index + get_l32(packet->payload, index)) == (packet->payload_packet_len - 4)
+ && (get_u_int16_t(packet->payload, 10) != 0)) {
 /* This structure seems to be soulseek proto */
 index = get_l32(packet->payload, 8) + 12; // end of "user name"
- if((index + 4) <= packet->payload_packet_len && !get_u_int16_t(packet->payload, index + 2)) // for passwd len
+
+ if(((index + 4) <= packet->payload_packet_len)
+ && (packet->payload_packet_len >= (index+4))
+ && (!get_u_int16_t(packet->payload, index + 2))) // for passwd len
 {
 index += get_l32(packet->payload, index) + 4; //end of "Passwd"
 if((index + 4 + 4) <= packet->payload_packet_len && !get_u_int16_t(packet->payload, index + 6)) // to read version,hashlen
@@ -142,7 +148,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 }
 }
 if (packet->payload_packet_len > 8
- && packet->payload_packet_len < 200 && get_l32(packet->payload, 0) == packet->payload_packet_len - 4) {
+ && (packet->payload_packet_len < 200)
+ && get_l32(packet->payload, 0) == (packet->payload_packet_len - 4)) {
 //Server Messages:
 const u_int32_t msgcode = get_l32(packet->payload, 4); |
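Review bot: In the first hunk the third clause of the rewritten `if` tests `get_u_int16_t(packet->payload, 10) != 0`, while the line it replaces tested `!get_u_int16_t(packet->payload, 10)`, so the match condition is inverted in a commit described only as adding boundary checks; if that is unintended the clause should stay `(get_u_int16_t(packet->payload, 10) == 0)`. The guard added a few lines below, `(packet->payload_packet_len >= (index+4))`, repeats the `(index + 4) <= packet->payload_packet_len` test directly above it and adds no coverage. `index` is recomputed from a length field read out of the payload (`get_l32(packet->payload, 8) + 12`) and its declaration is outside the hunk; if it is a 32-bit unsigned value, `index + 4` can wrap and satisfy the check, so a subtraction-form comparison such as `index <= packet->payload_packet_len - 4`, made after confirming the length is at least 4, would be the safer guard. The body of ndpi_search_soulseek_tcp starts and ends outside both hunks.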