aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/tls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r--src/lib/protocols/tls.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 23c47d7cd..ed92814d9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -308,7 +308,11 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct,
#endif
offset += 2 + 1;
- extension_len = ntohs(*((u_int16_t*)&packet->payload[offset]));
+
+ if((offset + 1) < packet->payload_packet_len) /* +1 because we are goint to read 2 bytes */
+ extension_len = ntohs(*((u_int16_t*)&packet->payload[offset]));
+ else
+ extension_len = 0;
#ifdef DEBUG_TLS
printf("TLS [server][extension_len: %u]\n", extension_len);
@@ -870,7 +874,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
return(0); /* That's all */
} else if(flow->l4.tcp.tls_seen_certificate)
return(0); /* That's all */
- else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) {
+ else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7+1/* +1 because we are going to read 2 bytes */) {
/* This is a handshake but not a certificate record */
u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]);
Powered by cgit, Themed by Ted Yin.