From 226a9abf2235fd9e87353ffe727babad71fb7274 Mon Sep 17 00:00:00 2001
From: emanuele-f <faranda@ntop.org>
Date: Wed, 4 Dec 2019 18:34:08 +0100
Subject: Additional memory bounds checks

---
 src/lib/protocols/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 2f4959b81..ed92814d9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -874,7 +874,7 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
       return(0); /* That's all */
   } else if(flow->l4.tcp.tls_seen_certificate)
     return(0); /* That's all */  
-  else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7) {
+  else if(packet->payload_packet_len > flow->l4.tcp.tls_record_offset+7+1/* +1 because we are going to read 2 bytes */) {
     /* This is a handshake but not a certificate record */
     u_int16_t len = ntohs(*(u_int16_t*)&packet->payload[flow->l4.tcp.tls_record_offset+7]);
 
-- 
cgit v1.2.3