From fbfa54eee65b453ec33876354b9e6279120af900 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Sat, 27 Jun 2020 22:58:05 +0200
Subject: Fixed off-by-one error in h323.
Signed-off-by: Toni Uhlig
---
 src/lib/protocols/h323.c | 2 +-
 tests/pcap/h323-overflow.pcap | Bin 0 -> 98 bytes
 tests/result/h323-overflow.pcap.out | 3 +++
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 tests/pcap/h323-overflow.pcap
 create mode 100644 tests/result/h323-overflow.pcap.out
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 13ec9d364..1d70a8cec 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -33,7 +33,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
 NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n"); /* H323 */
- if(packet->payload_packet_len >= 4
+ if(packet->payload_packet_len > 4
 && (packet->payload[0] == 0x03)
 && (packet->payload[1] == 0x00)) {
 struct tpkt *t = (struct tpkt*)packet->payload;
diff --git a/tests/pcap/h323-overflow.pcap b/tests/pcap/h323-overflow.pcap
new file mode 100644
index 000000000..f6af70ecc
Binary files /dev/null and b/tests/pcap/h323-overflow.pcap differ
diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out
new file mode 100644
index 000000000..2a1d8e7e0
--- /dev/null
+++ b/tests/result/h323-overflow.pcap.out
@@ -0,0 +1,3 @@
+HTTP 1 58 1
+
+ 1 TCP 192.168.1.1:31337 -> 192.168.1.2:80 [proto: 7/HTTP][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-- cgit v1.2.3
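Review bot: The new bound `payload_packet_len > 4` in the h323.c hunk is a bare literal that does not say which read it protects, so a later edit to this branch could easily reintroduce the out-of-bounds read that the added pcap covers. The guard sits directly above the cast to `struct tpkt *`, and the rest of the block lies outside the hunk; if that code indexes `payload[4]` or higher, the minimum length should be derived from the highest index used rather than from the header size alone. I would add a comment such as `/* need the TPKT header plus at least one byte after it: payload[4] is read below */` and, assuming `struct tpkt` is the 4-byte header, write the test as `packet->payload_packet_len > sizeof(struct tpkt)`. Any read of `payload[5]` or beyond in the same block needs its own length check, since a five-byte payload now passes this guard.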