From 552076a36c0af486a8c25dbd31905ad6feb71498 Mon Sep 17 00:00:00 2001
From: theirix
Date: Tue, 19 Apr 2016 18:08:23 +0300
Subject: Fixed dns buffer overflow
---
 src/lib/protocols/dns.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index f8b50f733..98df46481 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -112,10 +112,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 ret_code = (is_query == 0) ? 0 : (dns_header.flags & 0x0F);
 int j = 0;
 int off = sizeof(struct ndpi_dns_packet_header) + 1;
- while((flow->packet.payload[off] != '\0'))
+ while(flow->packet.payload[off] != '\0' && off < flow->packet.payload_packet_len)
 {
- if(off < flow->packet.payload_packet_len)
- {
 flow->host_server_name[j] = flow->packet.payload[off];
 if(j < strlen((char*)flow->host_server_name)) {
 if(flow->host_server_name[j] < ' ')
@@ -123,7 +121,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
 j++;
 }
 off++;
- }
 }
 flow->host_server_name[j] = '\0';
-- cgit v1.2.3
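Review bot: The new loop condition on the added `while(...)` line still reads `flow->packet.payload[off]` before it tests `off`, so when `off` equals `payload_packet_len` (possibly on the very first iteration, if the payload is no longer than the header plus one byte) one byte past the payload is read. Put the bounds test first so `&&` short-circuits: `while(off < flow->packet.payload_packet_len && flow->packet.payload[off] != '\0')`. Separately, nothing visible in this hunk limits `j` to the capacity of `flow->host_server_name`, and the `j < strlen(...)` test depends on the buffer's current contents rather than its size; if the field (declared outside this hunk) is a fixed-size array, a guard such as `j < sizeof(flow->host_server_name) - 1` belongs in the loop condition as well. The body of ndpi_search_dns starts and ends outside the hunk, so any earlier length check on the payload is not visible here.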