From af2a44ae5fd530218746d3272510fb6409b4366c Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Mon, 1 Jun 2020 18:22:10 +0200
Subject: Added boundary check in kerberos protocol

---
 src/lib/protocols/kerberos.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/lib/protocols/kerberos.c')

diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 98aa91a51..f4c1a175a 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -202,11 +202,13 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 
 
 	      if(body_offset < packet->payload_packet_len) {
-		u_int16_t name_offset;
-
-		name_offset = body_offset + 13;
-		for(i=0; i<20; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
-
+		u_int16_t name_offset = body_offset + 13;
+		
+		for(i=0; (i<20) && (name_offset < packet->payload_packet_len); i++) {
+		  if(packet->payload[name_offset] != 0x1b)
+		    name_offset++; /* ASN.1 */
+		}
+		
 #ifdef KERBEROS_DEBUG
 		printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
 #endif
-- 
cgit v1.2.3