From 96f8942f75f6f489312779a0c5ec22b7520319ca Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Tue, 22 Feb 2022 19:58:17 +0100 Subject: reader_util: fix parsing of IPv6 extension headers (#1453) Found by oss-fuzz See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44942 --- example/reader_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/example/reader_util.c b/example/reader_util.c index 6b22ef9cc..aa95fb02c 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -984,6 +984,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo u_int8_t l4proto = iph6->ip6_hdr.ip6_un1_nxt; u_int16_t ip_len = ntohs(iph6->ip6_hdr.ip6_un1_plen); const u_int8_t *l4ptr = (((const u_int8_t *) iph6) + sizeof(struct ndpi_ipv6hdr)); + if(ipsize < sizeof(struct ndpi_ipv6hdr) + ip_len) + return(NULL); if(ndpi_handle_ipv6_extension_headers(ipsize - sizeof(struct ndpi_ipv6hdr), &l4ptr, &ip_len, &l4proto) != 0) { return(NULL); } -- cgit v1.2.3