From 96c193cf795fbe7b55f8633404884099fcdc0d80 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Fri, 10 Jul 2020 00:12:27 +0200
Subject: Fixed heap overflow caused by missing lengthcheck in 802.11 LLC header parsing.
 * triggered by fuzz traces from wireshark
Signed-off-by: Toni Uhlig
---
 example/reader_util.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'example')
diff --git a/example/reader_util.c b/example/reader_util.c
index 55dc0c667..9ad70ea53 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1686,6 +1686,8 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 break;
 /* Check ether_type from LLC */
+ if(header->caplen < (eth_offset + wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap)))
+ return(nproto);
 llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len);
 if(llc->dsap == SNAP)
 type = ntohs(llc->snap.proto_ID);
--
cgit v1.2.3
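Review bot: The new bound on `header->caplen` spells out the offset sum `eth_offset + wifi_len + radio_len` that the cast on the following line computes again, so the check and the read it protects can drift apart on a later edit. Computing it once keeps them tied: `const size_t llc_off = eth_offset + wifi_len + radio_len;`, then `if(header->caplen < llc_off + sizeof(struct ndpi_llc_header_snap)) return(nproto);` and `llc = (struct ndpi_llc_header_snap*)(packet + llc_off);`. The guard covers only the LLC/SNAP read, and `radio_len` and `wifi_len` come from headers parsed earlier in `ndpi_workflow_process_packet`, which starts and ends outside this hunk. It is worth confirming that those earlier reads are bounded by `caplen` in the same way, and that neither length can be negative before the comparison promotes it to `size_t`. A one-line comment such as `/* truncated capture: LLC/SNAP header not fully present */` would record why the early return exists, and since the diffstat touches only `example/reader_util.c`, the triggering capture could be added as a regression sample.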