From 9f050fa0a65f3403c1f8296faf5f9d88d4900a8d Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 18 Jan 2022 21:52:37 +0100
Subject: TLS, H323, examples: fix some memory errors (#1414)

Detected by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26906
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43782
https://oss-fuzz.com/testcase-detail/6334089358082048
---
 src/lib/protocols/h323.c | 2 +-
 src/lib/protocols/tls.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 7774b9d0a..c52ddb0f6 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -46,7 +46,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
 NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n");
 /* H323 */
- if(packet->payload_packet_len > 4
+ if(packet->payload_packet_len > 5
 && (packet->payload[0] == 0x03)
 && (packet->payload[1] == 0x00)) {
 struct tpkt *t = (struct tpkt*)packet->payload;
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index fe28b8250..600346b83 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -2145,11 +2145,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 int rc = sprintf(&flow->protos.tls_quic.encrypted_sni.esni[off], "%02X", packet->payload[i] & 0XFF);
 if(rc <= 0) {
- flow->protos.tls_quic.encrypted_sni.esni[off] = '\0';
 break;
 } else
 off += rc;
 }
+ flow->protos.tls_quic.encrypted_sni.esni[off] = '\0';
 }
 }
 }
-- 
cgit v1.2.3
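Review bot: The new bound `> 5` on `payload_packet_len` in the h323.c hunk is a bare literal, and nothing visible says which read it protects; the hunk only shows `payload[0]`, `payload[1]` and the `struct tpkt` cast, so the access that needs index 5 is presumably further down, outside the hunk. A one-line comment would keep the guard from being lowered again, for example `/* need payload[0..5]: TPKT header plus the bytes read below */`. Separately, the context line `struct tpkt *t = (struct tpkt*)packet->payload;` reads a header through a cast byte pointer; if `struct tpkt` holds a multi-byte field, copying the header out with `memcpy` would avoid depending on the payload's alignment. The body of `ndpi_search_h323` starts and ends outside the hunk.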
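Review bot: In the tls.c hunk, the added `esni[off] = '\0'` after the loop and the unbounded `sprintf` inside it both rely on `off` staying inside the `esni` allocation, and neither the buffer size nor the loop bound is visible here. If the loop condition does not already cap `off` at the allocated size minus one, the terminator write lands past the end of the buffer. Bounding the formatter would make the invariant explicit, e.g. `int rc = snprintf(&flow->protos.tls_quic.encrypted_sni.esni[off], ESNI_BUF_LEN - off, "%02X", packet->payload[i] & 0XFF);` followed by `if(rc <= 0 || rc >= ESNI_BUF_LEN - off) {`, where `ESNI_BUF_LEN` is a placeholder for the allocation size, which the hunk does not show. The enclosing loop and the body of `processClientServerHello` start outside the hunk.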