From 1479c0a2789f94e5adcebfd8cea99a8a1461f820 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Sun, 7 Jun 2020 09:25:19 +0200
Subject: Added TLS bounadry check

---
 src/lib/protocols/tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 4f395a34d..1abf494d5 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -315,7 +315,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 
       if((offset+len) < packet->payload_packet_len) {
 	char utcDate[32];
-
+	
 #ifdef DEBUG_TLS
 	u_int j;
 	
@@ -678,7 +678,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	break;
       }
 
-      packet->payload = block, packet->payload_packet_len = block_len+4;
+      packet->payload = block, packet->payload_packet_len = ndpi_min(block_len+4, flow->l4.tcp.tls.message.buffer_used);
 
       if((processed+packet->payload_packet_len) > len) {
 	something_went_wrong = 1;
-- 
cgit v1.2.3