From fe513014a8f5156b243ec2eb5e6862a0506c6632 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 12 Mar 2020 14:13:04 +0100 Subject: Fix buffer over read in dns --- src/lib/protocols/dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 2f8fd5612..8290ca9dc 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -113,7 +113,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, && (((dns_header->flags & 0x2800) == 0x2800 /* Dynamic DNS Update */) || ((dns_header->num_answers == 0) && (dns_header->authority_rrs == 0)))) { /* This is a good query */ - while(x < flow->packet.payload_packet_len) { + while(x+2 < flow->packet.payload_packet_len) { if(flow->packet.payload[x] == '\0') { x++; flow->protos.dns.query_type = get16(&x, flow->packet.payload); -- cgit v1.2.3