From fb687b7217a0636800266373a0ebe969fbf253b7 Mon Sep 17 00:00:00 2001 From: theirix Date: Sat, 13 Aug 2016 13:10:11 +0300 Subject: Fix another overflow in DRDA --- src/lib/protocols/drda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 9369665db..052dad8f0 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -38,7 +38,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct * packet = &flow->packet; u_int16_t payload_len = packet->payload_packet_len; - u_int16_t count = 0; + u_int count = 0; // prevent integer overflow if(packet->tcp != NULL) { -- cgit v1.2.3 From 76f74540497535373ac3fe6069faef4011cee025 Mon Sep 17 00:00:00 2001 From: theirix Date: Wed, 17 Aug 2016 14:15:36 +0300 Subject: Fixed drda loop logic --- src/lib/protocols/drda.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 052dad8f0..fe75379ff 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -52,7 +52,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t len = ntohs(drda->length); /* check first header */ - if(len != ntohs(drda->length2) + 6 && + if(len != ntohs(drda->length2) + 6 || drda->magic != 0xd0) goto no_drda; @@ -67,7 +67,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, drda = (struct ndpi_drda_hdr *)(packet->payload + count); len = ntohs(drda->length); - if(len != ntohs(drda->length2) + 6 && + if(len != ntohs(drda->length2) + 6 || drda->magic != 0xd0) goto no_drda; -- cgit v1.2.3