authorPhilippe Antoine <contact@catenacyber.fr>2020-03-12 14:22:46 +0100
committerPhilippe Antoine <contact@catenacyber.fr>2020-03-12 14:22:46 +0100
commit7a2bcd9c395f9fe554109e04add33e9e65564d82 (patch)
tree916f3da7fa5a7f56e938631627117b9a4ce21972 /src
parentfe513014a8f5156b243ec2eb5e6862a0506c6632 (diff)
Fix buffer overread in netbios
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_main.h2
-rw-r--r--src/lib/protocols/netbios.c6
2 files changed, 3 insertions, 5 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index c909adc74..fc1a863fc 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -131,8 +131,6 @@ extern "C" {
u_int16_t protocol_id,
u_int16_t** tcp_master_proto,
u_int16_t** udp_master_proto);
- #/* NDPI_PROTOCOL_NETBIOS */
- int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len);
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index edc9f755f..02d96b043 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -38,7 +38,7 @@ struct netbios_header {
/* ****************************************************************** */
/* The function below has been inherited by tcpdump */
-int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) {
+static int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len) {
int ret = 0, len;
char *b;
@@ -46,7 +46,7 @@ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) {
b = out;
*out = 0;
- if(len > (out_len-1) || len < 1)
+ if(len > (out_len-1) || len < 1 || 2*len > inlen)
return(-1);
while (len--) {
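Review bot: The added `2*len > inlen` test may still allow a one-byte over-read. The call site measures `inlen` from `&payload[off]`, which appears to be the name's length byte. If `len` is obtained by consuming that byte before this check (that line sits between the hunks and is not visible here), the loop reads `2*len` bytes starting one past the original `in` and needs `2*len + 1 <= inlen`. In that case the condition should be `2*len >= inlen`, and `inlen == 0` should be rejected before the length byte is dereferenced. It would also help to state in the function comment whether `inlen` counts the length byte; the function body starts and ends outside this hunk.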
@@ -80,7 +80,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct
char name[64];
u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14;
- if(ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], name, sizeof(name)) > 0)
+ if(ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], flow->packet.payload_packet_len - off, name, sizeof(name)) > 0)
snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
if(sub_protocol == NDPI_PROTOCOL_UNKNOWN)
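Review bot: `flow->packet.payload_packet_len - off` is computed with no check that the payload holds at least `off` bytes. Because `off` is `u_int`, a shorter packet would make the subtraction wrap to a very large `inlen`, and the new bound inside `ndpi_netbios_name_interpret` would then limit nothing. The read of `payload[12]` on the line above depends on the same minimum length. Unless every caller already guarantees that length (not visible in this hunk), guard the call, e.g. `if(flow->packet.payload_packet_len > off && ndpi_netbios_name_interpret(...) > 0)`. The enclosing function starts and ends outside the hunk.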