From 49810055721ee981527ac1b65e0e37dd32eade85 Mon Sep 17 00:00:00 2001
From: theirix
Date: Sun, 7 Aug 2016 22:36:36 +0300
Subject: Fixed QUIC crash
---
 src/lib/protocols/quic.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 6e1ad77cc..8050a9b61 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -82,7 +82,8 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n");
 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN);
- if(!strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) {
+ if(udp_len > quic_hlen + 17 + 4 &&
+ !strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) {
 /* Check if SNI (Server Name Identification) is present */
 for(i=quic_hlen+12; ipayload[i] == 'S')
@@ -94,7 +95,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 int len = offset-prev_offset;
 int sni_offset = i+prev_offset+1;
- while((packet->payload[sni_offset] == '-') && (sni_offset < udp_len))
+ while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-'))
 sni_offset++;
 if((sni_offset+len) < udp_len) {
--
cgit v1.2.3
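Review bot: The new guard `udp_len > quic_hlen + 17 + 4` is one byte stricter than the read it protects, and it repeats 17 and 4 as bare numbers in both the check and the index. The `strncmp` touches `payload[quic_hlen+17]` through `payload[quic_hlen+20]`, so `>=` is the exact bound; the stricter form is memory-safe but silently skips a payload that ends right after the tag. I would name the two constants and compare the fixed 4-byte tag with `memcmp`, which suits binary packet data better than a string function: `if(udp_len >= quic_hlen + 17 + 4 && !memcmp(&packet->payload[quic_hlen+17], "CHLO", 4)) {`. The declarations of `udp_len` and `quic_hlen` are outside the hunk, so it is worth confirming that the sum cannot wrap and that the comparison does not mix signed and unsigned operands.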
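Review bot: `len` is a signed `int` computed as `offset-prev_offset`, and the check after the reordered loop, `if((sni_offset+len) < udp_len)`, still passes when `len` is zero or negative. Where `offset` and `prev_offset` come from is outside the hunk; if they are parsed from the packet, the guard should reject non-positive lengths as well: `if(len > 0 && (sni_offset+len) < udp_len) {`. The body of that `if` is not visible here, so whether `len` is later used as a copy size, and whether the destination buffer bounds it, needs checking against the full function. The reorder of the `while` condition itself is correct, since the bound is now tested before the byte is read.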