From 37abe0daea8c964dbd2e09058074bfc7ae053199 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 10 Sep 2020 20:06:25 +0200 Subject: Added boundary check --- src/lib/protocols/kerberos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 10c2b5a65..fa0ab6cb6 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -252,7 +252,9 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, realm_offset = cname_len + name_offset + 3; /* if cname does not end with a $ then it's a username */ - if(cname_len && cname_str[cname_len-1] == '$') { + if(cname_len + && (cname_len < sizeof(cname_str)) + && (cname_str[cname_len-1] == '$')) { cname_str[cname_len-1] = '\0'; snprintf(flow->protos.kerberos.hostname, sizeof(flow->protos.kerberos.hostname), "%s", cname_str); } else -- cgit v1.2.3