1 files changed, 28 insertions, 18 deletions

diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index ff16545f5..f4c1a175a 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -202,11 +202,13 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 
 
 	      if(body_offset < packet->payload_packet_len) {
-		u_int16_t name_offset;
-
-		name_offset = body_offset + 13;
-		for(i=0; i<20; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
-
+		u_int16_t name_offset = body_offset + 13;
+		
+		for(i=0; (i<20) && (name_offset < packet->payload_packet_len); i++) {
+		  if(packet->payload[name_offset] != 0x1b)
+		    name_offset++; /* ASN.1 */
+		}
+		
 #ifdef KERBEROS_DEBUG
 		printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
 #endif
@@ -256,30 +258,38 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		    } else
 		      snprintf(flow->protos.kerberos.username, sizeof(flow->protos.kerberos.username), "%s", cname_str);
 
-		    for(i=0; i<14; i++) if(packet->payload[realm_offset] != 0x1b) realm_offset++; /* ASN.1 */
+		    for(i=0; (i < 14) && (realm_offset <  packet->payload_packet_len); i++) {
+		      if(packet->payload[realm_offset] != 0x1b)
+			realm_offset++; /* ASN.1 */
+		    }
+		    
 #ifdef KERBEROS_DEBUG
-		    printf("realm_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", realm_offset, packet->payload[realm_offset], packet->payload[realm_offset+1]);
+		    printf("realm_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", realm_offset,
+			   packet->payload[realm_offset], packet->payload[realm_offset+1]);
 #endif
+		    
 		    realm_offset += 1;
 		    //if(num_cname == 2) realm_offset++;
-		    realm_len = packet->payload[realm_offset];
+		    if(realm_offset  < packet->payload_packet_len) {
+		      realm_len = packet->payload[realm_offset];
 
-		    if((realm_offset+realm_len) < packet->payload_packet_len) {
-		      char realm_str[48];
+		      if((realm_offset+realm_len) < packet->payload_packet_len) {
+			char realm_str[48];
 
-		      if(realm_len > sizeof(realm_str)-1)
-			realm_len = sizeof(realm_str)-1;
+			if(realm_len > sizeof(realm_str)-1)
+			  realm_len = sizeof(realm_str)-1;
 
-		      realm_offset += 1;
+			realm_offset += 1;
 
-		      strncpy(realm_str, (char*)&packet->payload[realm_offset], realm_len);
-		      realm_str[realm_len] = '\0';
-		      for(i=0; i<realm_len; i++) realm_str[i] = tolower(realm_str[i]);
+			strncpy(realm_str, (char*)&packet->payload[realm_offset], realm_len);
+			realm_str[realm_len] = '\0';
+			for(i=0; i<realm_len; i++) realm_str[i] = tolower(realm_str[i]);
 
 #ifdef KERBEROS_DEBUG
-		      printf("[AS-REQ][Kerberos Realm][len: %u][%s]\n", realm_len, realm_str);
+			printf("[AS-REQ][Kerberos Realm][len: %u][%s]\n", realm_len, realm_str);
 #endif
-		      snprintf(flow->protos.kerberos.domain, sizeof(flow->protos.kerberos.domain), "%s", realm_str);
+			snprintf(flow->protos.kerberos.domain, sizeof(flow->protos.kerberos.domain), "%s", realm_str);
+		      }
 		    }
 		  }
 		}