From 7a1509bf607cb86db520366335459e5fc317991b Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Fri, 21 Jul 2023 03:42:36 +0200
Subject: zabbix: improve detection (#2055)

---
 src/lib/protocols/zabbix.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'src/lib/protocols/zabbix.c')

diff --git a/src/lib/protocols/zabbix.c b/src/lib/protocols/zabbix.c
index 29f5320be..528402927 100644
--- a/src/lib/protocols/zabbix.c
+++ b/src/lib/protocols/zabbix.c
@@ -37,13 +37,12 @@ static void ndpi_int_zabbix_add_connection(struct ndpi_detection_module_struct *
 static void ndpi_search_zabbix(struct ndpi_detection_module_struct *ndpi_struct,
 			       struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-  u_int8_t tomatch[] = { 'Z', 'B', 'X', 'D', 0x1 };
+  u_int8_t tomatch[] = { 'Z', 'B', 'X', 'D' };
 
   NDPI_LOG_DBG(ndpi_struct, "search Zabbix\n");
 
-  if(packet &&
-     (packet->payload_packet_len > 4)
-     && (memcmp(packet->payload, tomatch, 5) == 0))    
+  if((packet->payload_packet_len >= 4)
+     && (memcmp(packet->payload, tomatch, 4) == 0))
     ndpi_int_zabbix_add_connection(ndpi_struct, flow);
   else
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-- 
cgit v1.2.3