From 00dabce65e526a99e7848fe7ab53ac3bd9a68b92 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 7 Jan 2021 10:55:55 +0100
Subject: Quic fixes (#1106)

* QUIC: fix heap-buffer-overflow

* TLS: fix parsing of QUIC Transport Parameters
---
 src/lib/protocols/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 311532c7f..68d9f2fba 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1474,7 +1474,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #ifdef DEBUG_TLS
 		  printf("Client SSL [QUIC TP: Param 0x%x Len %d]\n", (int)param_type, (int)param_len);
 #endif
-		  if(s_offset+param_len >= final_offset)
+		  if(s_offset+param_len > final_offset)
 		    break;
 
 		  if(param_type==0x3129) {
-- 
cgit v1.2.3