diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-10-22 14:57:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-22 14:57:49 +0200 |
| commit | 333a6d60e8ab9c9cd5479a058f8b0c482c5cd2d9 (patch) | |
| tree | 1aca1f520fde4e928be9b74f6e564f3273534a11 /src | |
| parent | c3d1c69722f31791ad718bfe3a265c0df22b9997 (diff) | |
TLS: fix a heap-buffer-overflow (#1356)
Revert of c3d1c697
Error reproducible with the attached pcap and valgrind
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/tls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index bfff42033..d5fa5db1b 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1533,10 +1533,10 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, printf("Client TLS [client cipher_len: %u][tls_version: 0x%04X]\n", cipher_len, tls_version); #endif - if((cipher_offset+cipher_len) <= total_len) { + if((cipher_offset+cipher_len) <= total_len - 1) { /* -1 because variable "id" is a u_int16_t */ u_int8_t safari_ciphers = 0, chrome_ciphers = 0, this_is_not_safari = 0, looks_like_safari_on_big_sur = 0; - for(i=0; i<cipher_len-1;) { + for(i=0; i<cipher_len;) { u_int16_t *id = (u_int16_t*)&packet->payload[cipher_offset+i]; u_int16_t cipher_id = ntohs(*id); |