From 3eb9907dd7bfd21be4980632761852eaee5aec81 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 18 Feb 2020 11:50:22 +0100
Subject: Fix various buffer over reads

---
 src/lib/protocols/dns.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/lib/protocols/dns.c')

diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 924e7eb86..2f8fd5612 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -168,6 +168,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
 	  } else
 	    x += data_len;
 
+	  if((x+2) >= flow->packet.payload_packet_len) {
+	    break;
+	  }
 	  rsp_type = get16(&x, flow->packet.payload);
 	  flow->protos.dns.rsp_type = rsp_type;
 
-- 
cgit v1.2.3