Added memory checks

2 files changed, 25 insertions, 22 deletions

diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 445b33ee6..6beac5443 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -114,7 +114,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 	quic_hlen++;
     }
     
-    if(udp_len > quic_hlen + 16 + 4) {
+    if(udp_len > (quic_hlen + 16 + 4)) {
       if(!strncmp((char*)&packet->payload[quic_hlen+16], "CHLO" /* Client Hello */, 4)) {
 	/* Check if SNI (Server Name Identification) is present */
 	for(i=quic_hlen+12; i<udp_len-3; i++) {
@@ -126,31 +126,33 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 	    u_int32_t prev_offset = (*((u_int32_t*)&packet->payload[i-4]));
 
 	    if(offset > prev_offset) {
-	      u_int32_t len = offset-prev_offset;
+	      u_int32_t len        = offset - prev_offset;
 	      u_int32_t sni_offset = i+prev_offset+1;
 	      
-	      while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-'))
-		sni_offset++;
-	      
-	      if(len > 0 && (sni_offset+len) < udp_len) {
-		u_int32_t max_len = sizeof(flow->host_server_name)-1, j = 0;
-		ndpi_protocol_match_result ret_match;
-		
-		if(len > max_len) len = max_len;
+	      if(len < udp_len) {
+		while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-'))
+		  sni_offset++;
 		
-		while((len > 0) && (sni_offset < udp_len)) {
-		  flow->host_server_name[j++] = packet->payload[sni_offset];
-		  sni_offset++, len--;
+		if((sni_offset+len) < udp_len) {
+		  u_int32_t max_len = sizeof(flow->host_server_name)-1, j = 0;
+		  ndpi_protocol_match_result ret_match;
+		  
+		  if(len > max_len) len = max_len;
+		  
+		  while((len > 0) && (sni_offset < udp_len)) {
+		    flow->host_server_name[j++] = packet->payload[sni_offset];
+		    sni_offset++, len--;
+		  }
+		  
+		  ndpi_match_host_subprotocol(ndpi_struct, flow, 
+					      (char *)flow->host_server_name,
+					      strlen((const char*)flow->host_server_name),
+					      &ret_match,
+					      NDPI_PROTOCOL_QUIC);	      
 		}
-		
-		ndpi_match_host_subprotocol(ndpi_struct, flow, 
-					    (char *)flow->host_server_name,
-					    strlen((const char*)flow->host_server_name),
-					    &ret_match,
-					    NDPI_PROTOCOL_QUIC);	      
-	      }
 	      
-	      break;
+		break;
+	      }
 	    }
 	  }
 	}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b79b92d4a..ec267ba5e 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -479,7 +479,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
     }
   }
 
-  if(rdn_len) flow->protos.stun_ssl.ssl.subjectDN = ndpi_strdup(rdnSeqBuf);
+  if(rdn_len && (flow->protos.stun_ssl.ssl.subjectDN == NULL))
+    flow->protos.stun_ssl.ssl.subjectDN = ndpi_strdup(rdnSeqBuf);
 
   if(flow->protos.stun_ssl.ssl.subjectDN && flow->protos.stun_ssl.ssl.issuerDN
      && (!strcmp(flow->protos.stun_ssl.ssl.subjectDN, flow->protos.stun_ssl.ssl.issuerDN)))