From f1d23e359d9a2ec2b806e38fa809e4e554d2a5fb Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Fri, 9 Feb 2024 07:47:22 +0100
Subject: Add PE32/PE32+ risk detection (detect transmitted windows
 executables).

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/lib/protocols/http.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/protocols/http.c')

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 0d0247574..311761e84 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -193,10 +193,10 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi
 
       packet->http_check_content = 1;
 
-      if(len >= 8 /* 4 chars for \r\n\r\n and at least 4 charts for content guess */) {
-	double_ret += 4;
-
-	ndpi_http_check_human_redeable_content(ndpi_struct, flow, double_ret, len);
+      if (len > 4 /* 4 chars for \r\n\r\n and at least 4 charts for content guess */) {
+        double_ret += 4;
+        len -= 4;
+        ndpi_http_check_human_redeable_content(ndpi_struct, flow, double_ret, len);
       }
     }
 
-- 
cgit v1.2.3