kerberos: fix heap-overflow error

author: Nardi Ivan <nardi.ivan@gmail.com> 2020-04-01 16:23:28 +0200
committer: Nardi Ivan <nardi.ivan@gmail.com> 2020-04-08 15:15:34 +0200
commit: 7b690d8b2d67ae5096941abae536ecdf75bf4540 (patch)
tree: e49b5a63940d879ceabedf2a7dbf1f20b20d68e9 /src
parent: 0c1322a7185b71e5a52a659b147c96529ed328a7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 2aa73dd39..ff16545f5 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -189,7 +189,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 
 	      body_offset = koffsetp + 1 + pad_len;
 
-	      for(i=0; i<10; i++) if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
+	      for(i=0; i<10; i++) if(body_offset<packet->payload_packet_len && packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
 #ifdef KERBEROS_DEBUG
 	      printf("body_offset=%u [%02X %02X] [byte 0 must be 0x05]\n", body_offset, packet->payload[body_offset], packet->payload[body_offset+1]);
 #endif
author	Nardi Ivan <nardi.ivan@gmail.com>	2020-04-01 16:23:28 +0200
committer	Nardi Ivan <nardi.ivan@gmail.com>	2020-04-08 15:15:34 +0200
commit	7b690d8b2d67ae5096941abae536ecdf75bf4540 (patch)
tree	e49b5a63940d879ceabedf2a7dbf1f20b20d68e9 /src
parent	0c1322a7185b71e5a52a659b147c96529ed328a7 (diff)