From ca68beda85b6b2fb8f96d9465997c0a371e3d152 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 23 Jun 2020 18:33:01 +0200
Subject: Fixed missing length check in fbzero.
Signed-off-by: Toni Uhlig
---
 src/lib/protocols/fbzero.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/lib/protocols/fbzero.c')
diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c
index 6c818e3c7..936d99e84 100644
--- a/src/lib/protocols/fbzero.c
+++ b/src/lib/protocols/fbzero.c
@@ -85,9 +85,12 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct,
 char *value = (char*)&packet->payload[data_offset + data_prev_offset];
 u_int tag_len = t->tag_offset_len-data_prev_offset, max_len;
 ndpi_protocol_match_result ret_match;
-
+
 max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1);
+ if (data_offset + data_prev_offset + max_len >= packet->payload_packet_len) {
+ return;
+ }
 strncpy((char*)flow->host_server_name, value, max_len);
 flow->host_server_name[max_len] = '\0';
-- 
cgit v1.2.3
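Review bot: The added guard `data_offset + data_prev_offset + max_len >= packet->payload_packet_len` bounds the copy by addition, so it is only as sound as that sum: `data_offset` and `data_prev_offset` are declared outside the hunk, and if they are fixed-width unsigned values derived from packet fields (as `t->tag_offset_len` appears to be), the sum can wrap and compare below the payload length while `value` already points outside the payload. A subtraction form avoids this, e.g. `u_int off = data_offset + data_prev_offset;` followed by `if (off < data_offset || off > packet->payload_packet_len || max_len > packet->payload_packet_len - off) return;`. That form also accepts a value that ends exactly at the end of the payload, which the current `>=` rejects although the copy reads only `max_len` bytes. The bare `return` leaves the whole of ndpi_search_fbzero, whose body starts and ends outside the hunk, so it is worth confirming that skipping the rest of the function (rather than only this tag) is intended.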