From bdd295bc2c8ec51357b4b43db17b50844acce540 Mon Sep 17 00:00:00 2001
From: Ivan Kapranov <44571881+koltiradw@users.noreply.github.com>
Date: Thu, 6 Jul 2023 12:13:34 +0300
Subject: fix Stack overflow caused by invalid write in
 ndpi_automa_match_strin…  (#2035)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* minor fixes

fixed 'handle leak' in ndpi_load_malicious_sha1_file and removed the redundant comparison ndpi_search_eaq

* fix Stack overflow caused by invalid write in ndpi_automa_match_string_subprotocol

* fix compile errors

* fix

---------

Co-authored-by: Ivan Kapranov <i.kapranov@securitycode.ru>
---
 src/lib/ndpi_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ab5f7b6e8..839e8a334 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -8629,7 +8629,7 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
   {
     char m[256];
-    int len = ndpi_min(sizeof(m), string_to_match_len);
+    u_int len = ndpi_min(sizeof(m) - 1, string_to_match_len);
 
     strncpy(m, string_to_match, len);
     m[len] = '\0';
@@ -8655,7 +8655,7 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
   {
     char m[256];
-    int len = ndpi_min(sizeof(m), string_to_match_len);
+    u_int len = ndpi_min(sizeof(m) - 1, string_to_match_len);
 
     strncpy(m, string_to_match, len);
     m[len] = '\0';
-- 
cgit v1.2.3