From 299b9435d0948c822d8aa7b129619c91a2b58138 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 19:56:32 +0200 Subject: Fixed memory out-of-bound issue Added extra check for fixing #366 --- src/include/ndpi_typedefs.h | 2 +- src/lib/protocols/fasttrack.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 124504b79..5624e030f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -961,7 +961,7 @@ struct ndpi_flow_struct { char *url, *content_type; u_int8_t num_request_headers, num_response_headers; u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ - u_char response_status_code[4]; /* 200, 404, etc. */ + u_char response_status_code[5]; /* 200, 404, etc. */ } http; union { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index cb2f20343..c432f6754 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -42,7 +42,9 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 6 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { + if ( (packet->payload != NULL) + && (packet->payload_packet_len > 6) + && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected 0d0a at the end of the packet.\n"); if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { -- cgit v1.2.3