From 6d7f3976f33b0d4fbbece60d6b7d549b13107674 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Mon, 9 Dec 2019 18:02:48 +0100
Subject: Code cleanup

---
 src/lib/protocols/tls.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index fb9ad4c45..f46686bb9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -593,14 +593,17 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct,
 
 		      len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4];
 		      len = (u_int)ndpi_min(len, buffer_len-1);
-		      strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len);
-		      buffer[len] = '\0';
 
-		      stripCertificateTrailer(buffer, buffer_len);
-
-		      if(!ndpi_struct->disable_metadata_export) {
-			snprintf(flow->protos.stun_ssl.ssl.client_certificate,
-				 sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer);
+		      if((offset+extension_offset+5+len) < packet->payload_packet_len) {
+			strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len);
+			buffer[len] = '\0';
+			
+			stripCertificateTrailer(buffer, buffer_len);
+			
+			if(!ndpi_struct->disable_metadata_export) {
+			  snprintf(flow->protos.stun_ssl.ssl.client_certificate,
+				   sizeof(flow->protos.stun_ssl.ssl.client_certificate), "%s", buffer);
+			}
 		      }
 		    } else if(extension_id == 10 /* supported groups */) {
 		      u_int16_t s_offset = offset+extension_offset + 2;
-- 
cgit v1.2.3