From fb2027cc8ec246cf10fe24784c3569f97ddfa6f1 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sun, 22 Nov 2020 11:03:26 +0100
Subject: iec60870-5-104: fix heap-buffer-overflow error (#1066)

---
 src/lib/protocols/iec60870-5-104.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/iec60870-5-104.c b/src/lib/protocols/iec60870-5-104.c
index 0ba26fa1e..d018e8031 100644
--- a/src/lib/protocols/iec60870-5-104.c
+++ b/src/lib/protocols/iec60870-5-104.c
@@ -38,7 +38,7 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct,
   if(packet->tcp) {
     u_int16_t offset = 0, found = 0;
     
-    while(offset < packet->payload_packet_len) {
+    while(offset + 1 < packet->payload_packet_len) {
       /* The start byte of 104 is 0x68 */
       if(packet->payload[offset] == 0x68) {
 	u_int8_t len = packet->payload[offset+1];
-- 
cgit v1.2.3