From 843204299c79c55c736231c06db98def2b3a6bba Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 18 Dec 2019 13:48:33 +0100
Subject: Fix read buffer overflow in stun

---
 src/lib/protocols/stun.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index d5114204f..cc38722e0 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -314,7 +314,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
        https://en.wikipedia.org/wiki/Skype_for_Business
        */
 
-      while((offset+2) < payload_length) {
+      while((offset+4) < payload_length) {
         u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset]));
         u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2]));
         u_int16_t x = (len + 4) % 4;
-- 
cgit v1.2.3