From 83fdfe24d09396f293f6e78ecd341526f339a995 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 26 Feb 2020 16:16:29 +0100
Subject: Fix read overflow before UDP header
---
 example/reader_util.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'example/reader_util.c')
diff --git a/example/reader_util.c b/example/reader_util.c
index 7ab060ef5..f56320976 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1709,6 +1709,8 @@ ether_type_check:
 }
 if(workflow->prefs.decode_tunnels && (proto == IPPROTO_UDP)) {
+ if (header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr))
+ return(nproto); /* Too short for UDP header*/
 struct ndpi_udphdr *udp = (struct ndpi_udphdr *)&packet[ip_offset+ip_len];
 u_int16_t sport = ntohs(udp->source), dport = ntohs(udp->dest);
--
cgit v1.2.3
From 5fc9d41eb0b337958fb7c7446ca690f8ba361285 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 26 Feb 2020 17:05:08 +0100
Subject: Run ndpi_detection_process_packet only with payload Real problem is decapsulation of all ipv6 headers
---
 example/reader_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'example/reader_util.c')
diff --git a/example/reader_util.c b/example/reader_util.c
index f56320976..432dadbef 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1359,7 +1359,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
 return(nproto);
 }
- if(!flow->detection_completed) {
+ if(!flow->detection_completed && payload_len > 0) {
 u_int enough_packets = (((proto == IPPROTO_UDP) && ((flow->src2dst_packets + flow->dst2src_packets) > max_num_udp_dissected_pkts)) || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > max_num_tcp_dissected_pkts))) ? 1 : 0;
--
cgit v1.2.3
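Review bot: The new `header->caplen` comparison in the `decode_tunnels` branch bounds only the UDP header itself, so any tunnel decoding later in this block that indexes past `udp` into the payload still needs its own check against `header->caplen`. That code lies outside the hunk, so this needs confirming against the full function. The early `return(nproto)` also skips a truncated capture without any trace; a fuller comment would help the next reader, e.g. `/* captured bytes end before the UDP header: skip tunnel decoding */`. The enclosing function starts and ends outside the hunk.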
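Review bot: The added `payload_len > 0` condition in `packet_processing` also gates the `enough_packets` computation that sits inside the same `if`, so a flow made only of empty packets would no longer reach that packet-count limit here. It is worth confirming that such flows are still finalised elsewhere, since the rest of the block is outside the hunk. The commit message says the real problem is the decapsulation of IPv6 headers, so the line deserves a comment such as `/* workaround: skip dissection on empty payload until all IPv6 headers are decapsulated */`. If `payload_len` is unsigned and computed by subtraction (its declaration is not visible here), `> 0` would not reject an underflowed length, so the length arithmetic upstream should be checked as well.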