From fb3fc0c6de201a2ab34b6f7ce4d5dfc2c54c3b5e Mon Sep 17 00:00:00 2001 From: theirix Date: Tue, 12 Apr 2016 22:08:30 +0300 Subject: Fixed buffer overflows with safe str search 1. Detected a lot of memory errors using address sanitizer and ndpi-scapy tool. 2. Added ndpi_match_prefix function that compares strings with taking care of payload packet len. Almost drop-in replacement for match_first_bytes function. 3. Replaced unsafe match_first_bytes usage with a ndpi_match_prefix and additional length checks. --- src/lib/protocols/rtp.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib/protocols/rtp.c') diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 17744ed95..9bcaec941 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -73,6 +73,8 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_len) { + if (payload_len < 2) + return; //struct ndpi_packet_struct *packet = &flow->packet; u_int8_t payloadType, payload_type = payload[1] & 0x7F; u_int32_t *ssid = (u_int32_t*)&payload[8]; -- cgit v1.2.3