aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNardi Ivan <nardi.ivan@gmail.com>2020-03-26 17:26:22 +0100
committerNardi Ivan <nardi.ivan@gmail.com>2020-03-27 11:09:53 +0100
commitda5e5a3e2aa9c7008760f1b24a873d5bdec96432 (patch)
treec8cedb956bd9ddff51a89e28376d6b4cea8f0281 /src
parent17d531e3db61326f286c7d0d543f4ea5b00bc796 (diff)
ciscovpn: fix heap-overflow error
Diffstat (limited to 'src')
-rw-r--r--src/lib/protocols/ciscovpn.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c
index 4a73e5728..eee7c4eb8 100644
--- a/src/lib/protocols/ciscovpn.c
+++ b/src/lib/protocols/ciscovpn.c
@@ -36,6 +36,7 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru
if((tdport == 10000 && tsport == 10000) ||
((tsport == 443 || tdport == 443) &&
+ (packet->payload_packet_len >= 4) &&
(packet->payload[0] == 0x17 &&
packet->payload[1] == 0x01 &&
packet->payload[2] == 0x00 &&
@@ -51,6 +52,7 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru
}
else if(((tsport == 443 || tdport == 443) ||
(tsport == 80 || tdport == 80)) &&
+ (packet->payload_packet_len >= 5) &&
((packet->payload[0] == 0x17 &&
packet->payload[1] == 0x03 &&
packet->payload[2] == 0x03 &&
@@ -64,6 +66,7 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru
}
else if(((tsport == 8009 || tdport == 8009) ||
(tsport == 8008 || tdport == 8008)) &&
+ (packet->payload_packet_len >= 5) &&
((packet->payload[0] == 0x17 &&
packet->payload[1] == 0x03 &&
packet->payload[2] == 0x03 &&
@@ -79,6 +82,7 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru
(
(usport == 10000 && udport == 10000)
&&
+ (packet->payload_packet_len >= 4) &&
(packet->payload[0] == 0xfe &&
packet->payload[1] == 0x57 &&
packet->payload[2] == 0x7e &&
Powered by cgit, Themed by Ted Yin.