diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2020-07-08 00:21:00 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2020-07-08 00:21:00 +0200 |
| commit | ccb30a04ad6f7b0e954549c3e961312b143bc511 (patch) | |
| tree | 1009f114f6258f9dc8f5bf5d91c24897630ee42d /src | |
| parent | fb04dbbc47510a9dc87d302b9bbead33bfd0c508 (diff) | |
Fixed thunder protocol detection heap overflow caused by missing lengthcheck.
* triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/thunder.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 30194d153..4d477499d 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -118,6 +118,7 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct packet->content_line.len == 24 && memcmp(packet->content_line.ptr, "application/octet-stream", 24) == 0 && packet->empty_line_position_set < (packet->payload_packet_len - 8) + && packet->payload_packet_len > (packet->empty_line_position + 5) && packet->payload[packet->empty_line_position + 2] >= 0x30 && packet->payload[packet->empty_line_position + 2] < 0x40 && packet->payload[packet->empty_line_position + 3] == 0x00 |