From 5950ad7ef82c329c56d17c11e9b34810180a7c16 Mon Sep 17 00:00:00 2001
From: Yingpei Zeng <zengyingpei@cmhi.chinamobile.com>
Date: Mon, 16 Apr 2018 18:47:49 +0800
Subject: Add length check before several memcmps in msn.c [ASan detected].

---
 src/lib/protocols/msn.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/lib/protocols/msn.c')

diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c
index 4c5b73dcd..ec090cf00 100644
--- a/src/lib/protocols/msn.c
+++ b/src/lib/protocols/msn.c
@@ -442,15 +442,16 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
   }
   NDPI_LOG_DBG(ndpi_struct, "msn 7\n");
   
-  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {	
-    if (memcmp(&packet->payload[0], "MSG ", 4) == 0
+  if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) {
+    if (packet->payload_packet_len >=4 &&  (memcmp(&packet->payload[0], "MSG ", 4) == 0
 	|| memcmp(&packet->payload[0], "PNG", 3) == 0
 	|| memcmp(&packet->payload[0], "QNG ", 4) == 0
 	|| memcmp(&packet->payload[0], "OUT", 3) == 0
 	|| memcmp(&packet->payload[0], "RNG ", 4) == 0
 	|| memcmp(&packet->payload[0], "NLN ", 4) == 0
 	|| memcmp(&packet->payload[0], "UBX ", 4) == 0
-	|| memcmp(&packet->payload[0], "XFR ", 4) == 0) {
+	|| memcmp(&packet->payload[0], "XFR ", 4) == 0)
+       ){
       ndpi_int_msn_add_connection(ndpi_struct, flow);
       
       NDPI_LOG_INFO(ndpi_struct, "found MSN\n");
-- 
cgit v1.2.3