soulseek: fix heap buffer overflow (#1083)

Close #1082
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2020-12-11 21:01:07 +0100
committer: GitHub <noreply@github.com> 2020-12-11 21:01:07 +0100
commit: 5587010cfb67baec9087061f2d9f202d55165981 (patch)
tree: 138cb89dbb25e066c83ebee4aa789e813102c038 /src/lib
parent: 5cb6ddfd221bd8c761d6a54e450e8ba9e920de00 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c
index ce7db539a..44871c43b 100644
--- a/src/lib/protocols/soulseek.c
+++ b/src/lib/protocols/soulseek.c
@@ -110,7 +110,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct,
       u_int32_t index = 0;
 
       if(packet->payload_packet_len >= 12 && packet->payload_packet_len < 300 && get_l32(packet->payload, 4) == 1) {
-	while (!get_u_int16_t(packet->payload, index + 2)
+	while (index + 4 < packet->payload_packet_len &&
+	       !get_u_int16_t(packet->payload, index + 2)
 	       && (index + get_l32(packet->payload, index)) < packet->payload_packet_len - 4) {
 	  if(get_l32(packet->payload, index) < 8)	/*Minimum soulseek login msg is 8B */
 	    break;
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2020-12-11 21:01:07 +0100
committer	GitHub <noreply@github.com>	2020-12-11 21:01:07 +0100
commit	5587010cfb67baec9087061f2d9f202d55165981 (patch)
tree	138cb89dbb25e066c83ebee4aa789e813102c038 /src/lib
parent	5cb6ddfd221bd8c761d6a54e450e8ba9e920de00 (diff)