From 726bb6704ccdf247fc3ac4fc9802c17a15bed753 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sat, 28 Sep 2024 18:42:56 +0200
Subject: Added check for avoiding heap buffer overflows
---
 src/lib/protocols/http.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/lib/protocols/http.c')
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 57f71e2fe..cb146fcc0 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -967,8 +967,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 }
 if(packet->upgrade_line.ptr != NULL) {
- if(flow->http.response_status_code == 101 &&
- memcmp((char *)packet->upgrade_line.ptr, "websocket", 9) == 0)
+ if((flow->http.response_status_code == 101)
+ && (packet->upgrade_line.len >= 9)
+ && memcmp((char *)packet->upgrade_line.ptr, "websocket", 9) == 0)
 flow->http.websocket = 1;
 }
-- cgit v1.2.3
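Review bot: The length guard and the compare in the new condition both hard-code `9`, so the bound that prevents the over-read stays correct only while someone keeps it in step with the `"websocket"` literal by hand. Deriving both from one definition keeps them coupled, e.g. `static const char ws[] = "websocket";` and then `(packet->upgrade_line.len >= sizeof(ws) - 1) && memcmp(packet->upgrade_line.ptr, ws, sizeof(ws) - 1) == 0`. Separately, `memcmp` is case-sensitive while the Upgrade token is matched case-insensitively under RFC 6455, so unless `upgrade_line` is normalised somewhere outside this hunk, a `WebSocket` value would leave `flow->http.websocket` unset. The body of `check_content_type_and_change_protocol` starts and ends outside the hunk.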