authoremanuele-f <black.silver@hotmail.it>2019-10-04 14:35:31 +0200
committeremanuele-f <black.silver@hotmail.it>2019-10-04 14:35:51 +0200
commit4bdbf02c2d5eb871dca4ec620bb66fcc16a74af1 (patch)
tree83025a19fefb32d47c9d8f365fb0eb938af27737 /src
parentf83b2a0940cf86ee07305e970b9650efbfa4eb00 (diff)
Fix invalid memory accesses
Diffstat (limited to 'src')
-rw-r--r--src/lib/protocols/tls.c9
-rw-r--r--src/lib/protocols/viber.c2
2 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index f621c2be3..cb4f7ac05 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -786,7 +786,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
#endif
return(1); /* More packets please */
}
- }
+ }
+
+ if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) {
+ /* Avoid invalid memory accesses */
+ return(1);
+ }
if(packet->payload[flow->l4.tcp.tls_record_offset] == 0x15 /* Alert */) {
u_int len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+3]) + 5 /* SSL header len */;
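Review bot: The new guard before the Alert check only guarantees that `payload[tls_record_offset]` exists, but the next line loads a 16-bit length at `tls_record_offset+3`, which needs five bytes from the offset. A record cut off after one to four bytes still reads past the payload; comparing against the full record header closes that: `if(packet->payload_packet_len < flow->l4.tcp.tls_record_offset + 5) {`. The second tls.c hunk has the same shortfall by one byte: `> tls_record_offset+7` admits a payload whose last byte is at offset+7 while the `u_int16_t` load also touches offset+8, so it should read `> flow->l4.tcp.tls_record_offset+8`. The rest of getSSCertificateFingerprint lies outside both hunks, so any other read relative to the offset would need the same check.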
@@ -833,7 +838,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
return(0); /* That's all */
} else if(flow->l4.tcp.tls_seen_certificate)
return(0); /* That's all */
- else {
+ else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) {
/* This is a handshake but not a certificate record */
u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]);
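Review bot: Turning the final `else` into `else if(...)` leaves this chain without a fallback, so a handshake record too short for the length read now skips every branch. What the function returns in that case is outside the hunk and is not stated anywhere in the visible lines. A comment on the new condition would help, for example `/* too short to hold the handshake length: fall through and wait for more data */`, adjusted to what the code after the chain actually does. If that path does not already end in `return(1)`, an explicit `else return(1); /* More packets please */` would make the intent visible.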
diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index 28ac864e7..04f781e7b 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -31,7 +31,7 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG_DBG(ndpi_struct, "search for VIBER\n");
- if(packet->udp != NULL) {
+ if((packet->udp != NULL) && (packet->payload_packet_len > 5)) {
NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n");
if((packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
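Review bot: The bound `> 5` is a bare number with nothing tying it to the indices the signature test reads. The visible line only touches `payload[2]` and `payload[3]`, and the rest of the condition is outside the hunk. A short comment such as `/* the signature checks below index payload[] up to 5 */` would tell a maintainer who later adds a check at a higher index to raise the bound, assuming 5 is indeed the highest index used there.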