From 2aec630202bf976e8ee978922441a414d4176cb8 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 19 Mar 2020 17:16:41 +0100
Subject: Fix use of uninitialized value in TLS

---
 src/lib/protocols/tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 8c351053a..9cf11b26a 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -735,7 +735,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
     u_int16_t base_offset    = packet->tcp ? 38 : 46;
     u_int16_t version_offset = packet->tcp ? 4 : 12;
     u_int16_t offset = 38, extension_len, j;
-    u_int8_t  session_id_len =  packet->tcp ? packet->payload[offset] : packet->payload[46];
+    u_int8_t  session_id_len =  0;
+    if (base_offset < total_len)
+      session_id_len = packet->payload[base_offset];
 
 #ifdef DEBUG_TLS
     printf("SSL [len: %u][handshake_type: %02X]\n", packet->payload_packet_len, handshake_type);
-- 
cgit v1.2.3