From 9dcc4a2334fa10d7d0a3c019ee35dfde4c06e044 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 27 Jan 2022 10:59:35 +0100
Subject: Kerberos, TLS, example: fix some memory errors (#1419)

Detected by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43823
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43921
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43925
---
 src/lib/protocols/tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 96ee3e6a2..1eefe2d0f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -2052,7 +2052,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		for(i=0; ja3.client.alpn[i] != '\0'; i++)
 		  if(ja3.client.alpn[i] == ',') ja3.client.alpn[i] = '-';
 
-	      } else if(extension_id == 43 /* supported versions */) {
+	      } else if(extension_id == 43 /* supported versions */ &&
+	                offset+extension_offset < total_len) {
 		u_int16_t s_offset = offset+extension_offset;
 		u_int8_t version_len = packet->payload[s_offset];
 		char version_str[256];
-- 
cgit v1.2.3