Add length check before several memcmps in msn.c [ASan detected].

author: Yingpei Zeng <zengyingpei@cmhi.chinamobile.com> 2018-04-16 18:47:49 +0800
committer: Yingpei Zeng <zengyingpei@cmhi.chinamobile.com> 2018-04-16 18:47:49 +0800
commit: 5950ad7ef82c329c56d17c11e9b34810180a7c16 (patch)
tree: 06a2187fcdeb99ab02ca19d0708beef5d83c8461 /src
parent: 4b720c4f3c8e74950e1c2b1c6dc10aa2c4c4c73e (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c
index 4c5b73dcd..ec090cf00 100644
--- a/src/lib/protocols/msn.c
+++ b/src/lib/protocols/msn.c
@@ -442,15 +442,16 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
   }
   NDPI_LOG_DBG(ndpi_struct, "msn 7\n");
   
-  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {	
-    if (memcmp(&packet->payload[0], "MSG ", 4) == 0
+  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {
+    if (packet->payload_packet_len >=4 &&  (memcmp(&packet->payload[0], "MSG ", 4) == 0
 	|| memcmp(&packet->payload[0], "PNG", 3) == 0
 	|| memcmp(&packet->payload[0], "QNG ", 4) == 0
 	|| memcmp(&packet->payload[0], "OUT", 3) == 0
 	|| memcmp(&packet->payload[0], "RNG ", 4) == 0
 	|| memcmp(&packet->payload[0], "NLN ", 4) == 0
 	|| memcmp(&packet->payload[0], "UBX ", 4) == 0
-	|| memcmp(&packet->payload[0], "XFR ", 4) == 0) {
+	|| memcmp(&packet->payload[0], "XFR ", 4) == 0)
+       ){
       ndpi_int_msn_add_connection(ndpi_struct, flow);
       
       NDPI_LOG_INFO(ndpi_struct, "found MSN\n");
author	Yingpei Zeng <zengyingpei@cmhi.chinamobile.com>	2018-04-16 18:47:49 +0800
committer	Yingpei Zeng <zengyingpei@cmhi.chinamobile.com>	2018-04-16 18:47:49 +0800
commit	5950ad7ef82c329c56d17c11e9b34810180a7c16 (patch)
tree	06a2187fcdeb99ab02ca19d0708beef5d83c8461 /src
parent	4b720c4f3c8e74950e1c2b1c6dc10aa2c4c4c73e (diff)