-rw-r--r-- | src/lib/protocols/tls.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index c65d4fc69..9d22a66db 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -764,7 +764,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
 return(1); /* More packets please */
 else if(flow->l4.tcp.tls_srv_cert_fingerprint_processed)
 return(0); /* We're good */
-
+
+ if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) {
+ /* Avoid invalid memory accesses */
+ return(1);
+ }
+
 if(flow->l4.tcp.tls_fingerprint_len > 0) {
 unsigned int avail = packet->payload_packet_len - flow->l4.tcp.tls_record_offset;
@@ -817,11 +822,6 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
 }
 }
- if(packet->payload_packet_len <= flow->l4.tcp.tls_record_offset) {
- /* Avoid invalid memory accesses */
- return(1);
- }
-
 if(packet->payload[flow->l4.tcp.tls_record_offset] == 0x15 /* Alert */) {
 u_int len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+3]) + 5 /* SSL header len */; |
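Review bot: The guard moved to the top of the function in the first hunk only proves that one byte is available at `tls_record_offset`, while the alert branch in the second hunk's context reads a 16-bit length at `tls_record_offset+3`, so a segment with fewer than five bytes left can still be read past the end of the payload. With the check no longer directly in front of that read, any update to `tls_record_offset` in the fingerprint block between the two hunks (not visible here) would also reach the index unchecked. I would keep the early guard for the `avail` subtraction and add a header-sized check just before the alert test, e.g. `if(packet->payload_packet_len < flow->l4.tcp.tls_record_offset + 5) return(1); /* need a full 5-byte record header */`. The function body starts and ends outside both hunks, so this should be confirmed against the lines in between.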