From 7ec9e78e4dc18b988c338e5dcb65fab882e83c48 Mon Sep 17 00:00:00 2001
From: theirix <theirix@gmail.com>
Date: Mon, 25 Jul 2016 10:04:39 +0300
Subject: Fixed integer overflow in DNS extensions

---
 src/lib/protocols/ssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols/ssl.c')

diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 14deff7f9..e730c06c5 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -244,7 +244,9 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
 		extensions_len = packet->payload[offset];
 
 		if((extensions_len+offset) < total_len) {
-		  u_int16_t extension_offset = 1; /* Move to the first extension */
+		  /* Move to the first extension
+		  Type is u_int to avoid possible overflow on extension_len addition */
+		  u_int extension_offset = 1;
 
 		  while(extension_offset < extensions_len) {
 		    u_int16_t extension_id, extension_len;
-- 
cgit v1.2.3