Merge pull request #927 from lnslbrty/fix/fbzero-missing-length-check

Fixed missing length check in fbzero.
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-06-24 22:17:35 +0200
committer: GitHub <noreply@github.com> 2020-06-24 22:17:35 +0200
commit: d710b8291d924c7140870288745bdd6a05553c19 (patch)
tree: 46db94978e921e2538503256bd2e98a40361fbdc /src
parent: 485e56d855be106d0037c6d70348ab7d0d58c9ce (diff)
parent: ca68beda85b6b2fb8f96d9465997c0a371e3d152 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c
index 6c818e3c7..936d99e84 100644
--- a/src/lib/protocols/fbzero.c
+++ b/src/lib/protocols/fbzero.c
@@ -85,9 +85,12 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct,
 	char *value = (char*)&packet->payload[data_offset + data_prev_offset];
 	u_int tag_len = t->tag_offset_len-data_prev_offset, max_len;
 	ndpi_protocol_match_result ret_match;
-	
+
 	max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1);
 
+	if (data_offset + data_prev_offset + max_len >= packet->payload_packet_len) {
+		return;
+	}
 	strncpy((char*)flow->host_server_name, value, max_len);
 	flow->host_server_name[max_len] = '\0';
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-06-24 22:17:35 +0200
committer	GitHub <noreply@github.com>	2020-06-24 22:17:35 +0200
commit	d710b8291d924c7140870288745bdd6a05553c19 (patch)
tree	46db94978e921e2538503256bd2e98a40361fbdc /src
parent	485e56d855be106d0037c6d70348ab7d0d58c9ce (diff)
parent	ca68beda85b6b2fb8f96d9465997c0a371e3d152 (diff)