From 3a1600ff26d02a3440186a6e8355521086a7e11f Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Mon, 26 Jun 2023 11:41:01 +0200
Subject: Thrift: fix heap-buffer-overflow (#2024)

---
 src/lib/protocols/thrift.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/thrift.c')

diff --git a/src/lib/protocols/thrift.c b/src/lib/protocols/thrift.c
index 344795523..92f003781 100644
--- a/src/lib/protocols/thrift.c
+++ b/src/lib/protocols/thrift.c
@@ -120,7 +120,7 @@ static void thrift_set_method(struct ndpi_detection_module_struct *ndpi_struct,
     ndpi_set_risk(ndpi_struct, flow, NDPI_INVALID_CHARACTERS, "Invalid method name");
     flow->protos.thrift.method[0] = '\0';
   } else {
-    strncpy(flow->protos.thrift.method, method, method_length);
+    strncpy(flow->protos.thrift.method, method, ndpi_min(sizeof(flow->protos.thrift.method), method_length));
   }
 }
 
-- 
cgit v1.2.3