From b080a1c136fadb675c42bb72309e7c479ac7d292 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 12 Jan 2022 20:24:57 +0100
Subject: Fix two use-of-uninitialized-value errors (#1398)
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40269 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41432 Fix fuzz compilation (follow-up of f5545a80)
---
 src/lib/protocols/tls.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/lib/protocols/tls.c')
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 622fa678f..4815275d4 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1718,6 +1718,14 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 checkExtensions(ndpi_struct, flow, is_dtls, extension_id, extension_len, offset + extension_offset);
+ if(offset + 4 + extension_len > total_len) {
+#ifdef DEBUG_TLS
+ printf("[TLS] extension length %u too long (%u, offset %u)\n",
+ extension_len, total_len, offset);
+#endif
+ break;
+ }
+
 if((extension_id == 0) || (packet->payload[extn_off] != packet->payload[extn_off+1])) {
 /* Skip GREASE */
@@ -1957,7 +1965,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 printf("[SIGNATURE] [is_firefox_tls: %u][is_chrome_tls: %u][is_safari_tls: %u][duplicate_found: %u]\n",
 flow->protos.tls_quic.browser_heuristics.is_firefox_tls,
 flow->protos.tls_quic.browser_heuristics.is_chrome_tls,
- flow->protos..tls_quic.browser_heuristics.is_safari_tls,
+ flow->protos.tls_quic.browser_heuristics.is_safari_tls,
 duplicate_found);
 #endif
-- cgit v1.2.3
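Review bot: The new bound check in the first hunk is placed after the `checkExtensions(ndpi_struct, flow, is_dtls, extension_id, extension_len, offset + extension_offset);` call, so that callee still receives an `extension_len` that has not been validated against `total_len`; if it reads the extension body, the over-read this guard is meant to stop can already have happened before the guard runs. Moving the `if(offset + 4 + extension_len > total_len) { … break; }` block above the `checkExtensions(...)` line would close that window; whether checkExtensions performs its own length checks is not visible in the hunk. A short comment on the guard, such as `/* Extension body must fit in the hello; a truncated or malformed extension ends parsing here (oss-fuzz 40269/41432) */`, would also record why the loop exits instead of skipping the extension. processClientServerHello begins and ends outside both hunks.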