diff options
| author | Michele Campus <fci1908@gmail.com> | 2016-07-25 10:05:47 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-25 10:05:47 +0200 |
| commit | b102caf482aa4d455fc7db961902881d522d6079 (patch) | |
| tree | 0fd20202387c8828ec33752f06c220633c8ac6f4 /src | |
| parent | b6237bc39d89bbb082a71ed77c5d9737c15493ad (diff) | |
| parent | 7ec9e78e4dc18b988c338e5dcb65fab882e83c48 (diff) | |
Merge pull request #232 from theirix/dns-int-overflow
Fixed integer overflow in DNS extensions
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/ssl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 14deff7f9..e730c06c5 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -244,7 +244,9 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, extensions_len = packet->payload[offset]; if((extensions_len+offset) < total_len) { - u_int16_t extension_offset = 1; /* Move to the first extension */ + /* Move to the first extension + Type is u_int to avoid possible overflow on extension_len addition */ + u_int extension_offset = 1; while(extension_offset < extensions_len) { u_int16_t extension_id, extension_len; |