From 6966e0d19b389f78c97f55ab3b2318a5cda41e08 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Wed, 11 Sep 2019 17:13:49 +0200
Subject: Added STUN check to avoid false positives Added fingerprint comments
 in SSH/TLS Added netflow test pcap

---
 src/lib/protocols/stun.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols/stun.c')

diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index f8e360c3f..0ab3ed805 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -140,7 +140,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
 
   *is_whatsapp = 0, *is_messenger = 0, *is_duo = 0;
 
-  if(payload_length < sizeof(struct stun_packet_header)) {
+  if(payload_length >= 512) {
+    return(NDPI_IS_NOT_STUN);
+  } else if(payload_length < sizeof(struct stun_packet_header)) {
     /* This looks like an invalid packet */
 
     if(flow->protos.stun_ssl.stun.num_udp_pkts > 0) {
-- 
cgit v1.2.3