diff options
| author | Toni <matzeton@googlemail.com> | 2022-08-24 11:24:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-24 11:24:25 +0200 |
| commit | e135c1c5e3a6b202f4b29374426bbc9808978045 (patch) | |
| tree | c3c0a1a992d093642055c029b71cbcd2e336f2b5 /src | |
| parent | 30730e95e5a270cb70dd5509fa6e481a7ed4e074 (diff) | |
| parent | ac0d7ccb7e6ee1a9b67f07822dad66617d5ff75b (diff) | |
Merge pull request #1712 from IvanNardi/oss-fuzzer
HTTP, SoftEther, Florensia: fix some memory corruptions
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/florensia.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/softether.c | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index 95a6d99d5..8617f3741 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -90,7 +90,8 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str ndpi_florensia_add_connection(ndpi_struct, flow); return; } - if (flow->packet_counter < 10 && get_l16(packet->payload, 0) == packet->payload_packet_len) { + if (flow->packet_counter < 10 && packet->payload_packet_len >=2 && + get_l16(packet->payload, 0) == packet->payload_packet_len) { NDPI_LOG_DBG2(ndpi_struct, "maybe florensia\n"); return; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a562aa03e..6fe6cab33 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -855,7 +855,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* Matching on Content-Type. OCSP: application/ocsp-request, application/ocsp-response */ - if(strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) { + if(packet->content_line.len > 17 && + strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) { NDPI_LOG_DBG2(ndpi_struct, "Found OCSP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/softether.c b/src/lib/protocols/softether.c index d5dce55f9..ea59a9a99 100644 --- a/src/lib/protocols/softether.c +++ b/src/lib/protocols/softether.c @@ -97,7 +97,7 @@ static size_t dissect_softether_type(enum softether_value_type t, v->value.ptr.raw = payload + 4; u_int32_t siz = ntohl(get_u_int32_t(payload, 0)); - if(siz == 0 || (u_int64_t)payload_len < (u_int64_t)siz + 3) + if(siz == 0 || (u_int64_t)payload_len < (u_int64_t)siz + sizeof(siz)) return 0; if(t == VALUE_DATA) |