From b69177be2fbe01c2442239a61832c44e40136c05 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Sun, 10 May 2020 15:04:23 +0200
Subject: Adds bound check in oracle protocol

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
---
 src/lib/protocols/oracle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c
index 6ad6bac4c..a24837a68 100644
--- a/src/lib/protocols/oracle.c
+++ b/src/lib/protocols/oracle.c
@@ -43,7 +43,7 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct
     NDPI_LOG_DBG2(ndpi_struct, "calculating ORACLE over tcp\n");
     /* Oracle Database 9g,10g,11g */
     if ((dport == 1521 || sport == 1521)
-	&&  (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
+	&&  (((packet->payload_packet_len >= 3 && packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
 	     || ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01)) 
 	     && (packet->payload[1] != 0x00)
 	     && (packet->payload[2] == 0x00)
-- 
cgit v1.2.3