From 5987ec6014d4006a314f5680ca7b667800db28d2 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Thu, 9 Jan 2020 17:14:37 +0100
Subject: Added check for preventing TLS misbehavior
---
 src/lib/protocols/tls.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b0e192baa..08ce81edd 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -569,10 +569,13 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 packet->payload = p, packet->payload_packet_len = p_len; /* Restore */
 flow->l4.tcp.tls.message.buffer_used -= len;
- memmove(flow->l4.tcp.tls.message.buffer,
- &flow->l4.tcp.tls.message.buffer[len],
- flow->l4.tcp.tls.message.buffer_used);
-
+ if(flow->l4.tcp.tls.message.buffer_used > 0)
+ memmove(flow->l4.tcp.tls.message.buffer,
+ &flow->l4.tcp.tls.message.buffer[len],
+ flow->l4.tcp.tls.message.buffer_used);
+ else
+ break;
+
 #ifdef DEBUG_TLS_MEMORY
 printf("[TLS Mem] Left memory buffer %u bytes\n", flow->l4.tcp.tls.message.buffer_used);
 #endif
-- cgit v1.2.3
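Review bot: The new `buffer_used > 0` test runs only after `flow->l4.tcp.tls.message.buffer_used -= len;`, so it cannot catch a `len` that is larger than the number of buffered bytes. `buffer_used` is printed with `%u` in the debug line, so it is presumably unsigned; in that case the subtraction would wrap and the guarded `memmove` would receive a very large length instead of being skipped. Unless a bounds check earlier in the loop (outside this hunk) already guarantees `len <= buffer_used`, add `if(len > flow->l4.tcp.tls.message.buffer_used) break;` before the subtraction. Bracing the multi-line `if`/`else` and putting a short comment such as `/* buffer fully consumed: stop processing */` on the `break` would also make the intent of the early exit clear. The body of ndpi_search_tls_tcp and the enclosing loop start and end outside the hunk.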