From 81e97d75153e38ce024a308b75d64edeb4b5e9bb Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 15 Apr 2020 15:35:34 +0200
Subject: Fixes OOB reads in postgres

Reported by GHSL
---
 src/lib/protocols/postgres.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/protocols/postgres.c')

diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c
index b6fa74473..a51fabaab 100644
--- a/src/lib/protocols/postgres.c
+++ b/src/lib/protocols/postgres.c
@@ -97,7 +97,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
 				return;
 			}
 			size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1;
-			if (packet->payload[size - 1] == 'S') {
+			if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
 				if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) {
 					NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
 					ndpi_int_postgres_add_connection(ndpi_struct, flow);
@@ -105,7 +105,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
 				}
 			}
 			size += get_u_int32_t(packet->payload, (size + 1)) + 1;
-			if (packet->payload[size - 1] == 'S') {
+			if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') {
 				NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n");
 				ndpi_int_postgres_add_connection(ndpi_struct, flow);
 				return;
-- 
cgit v1.2.3