From e282e43279df4d1f562a7fc67994ab3ca0f66e73 Mon Sep 17 00:00:00 2001
From: Simone Mainardi
Date: Thu, 12 Mar 2020 22:21:07 +0100
Subject: Fixes netbios overread
This commit inherits from https://github.com/ntop/nDPI/commit/7a2bcd9c395f9fe554109e04add33e9e65564d82 but leaves ndpi_netbios_name_interpret as part of the API as it is used by ntopng
---
 src/lib/protocols/netbios.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index edc9f755f..a53a2bfe1 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -38,7 +38,7 @@ struct netbios_header {
 /* ****************************************************************** */
 /* The function below has been inherited by tcpdump */
-int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) {
+int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len) {
 int ret = 0, len;
 char *b;
@@ -46,7 +46,7 @@ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) {
 b = out;
 *out = 0;
-if(len > (out_len-1) || len < 1)
+if(len > (out_len-1) || len < 1 || 2*len > inlen)
 return(-1);
 while (len--) {
@@ -80,7 +80,7 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct
 char name[64];
 u_int off = flow->packet.payload[12] == 0x20 ? 12 : 14;
-if(ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], name, sizeof(name)) > 0)
+if(ndpi_netbios_name_interpret((char*)&flow->packet.payload[off], flow->packet.payload_packet_len - off, name, sizeof(name)) > 0)
 snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
 if(sub_protocol == NDPI_PROTOCOL_UNKNOWN)
--
cgit v1.2.3
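Review bot: The new `inlen` parameter in the first hunk is undocumented, and the comment above the function does not say whether it counts the leading length byte or only the encoded name that follows it. The bounds check added in the next hunk depends on that, so a comment such as `/* inlen: bytes readable at in, including the leading length byte */` belongs on the definition. The commit message says the function stays part of the API, so the public declaration and out-of-tree callers need the extra argument too. The function body continues outside the hunk.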
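Review bot: The added `2*len > inlen` test in the second hunk looks off by one. The assignment of `len` is outside the hunk, but if it consumes the length byte from `in` before this check, only `inlen - 1` bytes remain and the loop can still read one byte past the buffer when `2*len == inlen`. In that case the length byte is also read before `inlen` is checked at all, so `inlen == 0` is not covered. `len` is `int` and `inlen` is `size_t`, so the comparison is done unsigned; `inlen < 1 || (size_t)(2*len) > inlen - 1`, with the `inlen < 1` test placed before the first read, would state the intent.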
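Review bot: In the third hunk, `flow->packet.payload_packet_len - off` wraps to a very large value when the payload is shorter than `off` (12 or 14), because `off` is `u_int` and the subtraction is unsigned. The new length check in ndpi_netbios_name_interpret would then pass for any name length. `payload[12]` is also read on the line above with no length check visible in the hunk. The function starts outside the hunk, so a caller may already guarantee a minimum length; if not, guard the call with `if(flow->packet.payload_packet_len > off && ndpi_netbios_name_interpret(...) > 0)`.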