From 5587010cfb67baec9087061f2d9f202d55165981 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Fri, 11 Dec 2020 21:01:07 +0100 Subject: soulseek: fix heap buffer overflow (#1083) Close #1082 --- src/lib/protocols/soulseek.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index ce7db539a..44871c43b 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -110,7 +110,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t index = 0; if(packet->payload_packet_len >= 12 && packet->payload_packet_len < 300 && get_l32(packet->payload, 4) == 1) { - while (!get_u_int16_t(packet->payload, index + 2) + while (index + 4 < packet->payload_packet_len && + !get_u_int16_t(packet->payload, index + 2) && (index + get_l32(packet->payload, index)) < packet->payload_packet_len - 4) { if(get_l32(packet->payload, index) < 8) /*Minimum soulseek login msg is 8B */ break; -- cgit v1.2.3
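Review bot: The new `index + 4 < packet->payload_packet_len` term in the `while` condition has no comment saying which reads it protects, and the remaining-length test below it is written in a different form (`< packet->payload_packet_len - 4`), which makes the pair easy to break in a later edit. As written it covers the two reads made in the condition itself, the 16-bit read at `index + 2` and the 32-bit read at `index`, so I would state that above the loop: `/* index + 4 < len keeps the u16 read at index+2 and the l32 read at index inside the payload */`. The loop body and the statement that advances `index` lie outside the hunk, so any read there at an offset past `index + 3` is not covered by this term and should be checked against the remaining-length test separately. The diffstat shows only soulseek.c changed, so the input from #1082 is not kept as a regression or fuzz seed; adding it would stop the overflow from returning unnoticed.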