From 4ec3e6c064b56f1434bd4c887bd96d0916d07f2e Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 15 Apr 2020 15:42:54 +0200
Subject: Adds bound check in TLS
---
 src/lib/protocols/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/lib/protocols/tls.c')
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 77d69a6fe..ef2c0a86e 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1069,7 +1069,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 s_offset += 2;
 tot_alpn_len += s_offset;
- while(s_offset < tot_alpn_len) {
+ while(s_offset < tot_alpn_len && s_offset < total_len) {
 u_int8_t alpn_i, alpn_len = packet->payload[s_offset++];
 if((s_offset + alpn_len) <= tot_alpn_len) {
-- cgit v1.2.3
From 9483c842b572a887c59d715d21b4737475ffd092 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 15 Apr 2020 16:24:03 +0200
Subject: TLS initializes version_str
---
 src/lib/protocols/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/lib/protocols/tls.c')
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index ef2c0a86e..560e483ac 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1105,7 +1105,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 u_int8_t version_len = packet->payload[s_offset];
 char version_str[256];
 u_int8_t version_str_len = 0;
-
+ version_str[0] = 0;
 #ifdef DEBUG_TLS
 printf("Client SSL [TLS version len: %u]\n", version_len);
 #endif
-- cgit v1.2.3
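Review bot: In the first patch (hunk at -1069), the added `s_offset < total_len` guards only the one-byte length read at the top of the loop. The per-entry test on the last visible line, `if((s_offset + alpn_len) <= tot_alpn_len)`, still bounds the entry by tot_alpn_len alone, which is presumably parsed from the packet. If the body then reads alpn_len bytes from packet->payload (it continues outside this hunk, so this is inferred), an entry can still extend past total_len. I would bound the entry by both limits, `if((s_offset + alpn_len) <= tot_alpn_len && (s_offset + alpn_len) <= total_len) {`, or clamp once before the loop with `if(tot_alpn_len > total_len) tot_alpn_len = total_len;`.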
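Review bot: In the second patch (hunk at -1105), the new `version_str[0] = 0;` has no comment saying which later read it protects, and it replaces the blank line that separated the declarations from the code. Presumably version_str is consumed further down even when nothing is appended to it, in which case the buffer would otherwise expose stale stack bytes; that path is outside the hunk. I would say so on the line, e.g. `version_str[0] = 0; /* stay a valid empty string if no version is appended below */`, or fold it into the declaration as `char version_str[256] = "";`. The enclosing block of processClientServerHello starts and ends outside the hunk.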