From 83685684434f5f1b6519c74f0a0e3965e36e6126 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Tue, 26 Nov 2019 17:45:08 +0100
Subject: Added buffer overflow check in smpp dissector
---
 src/lib/protocols/smpp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c
index c188bd91f..e0521ae12 100644
--- a/src/lib/protocols/smpp.c
+++ b/src/lib/protocols/smpp.c
@@ -68,7 +68,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct,
 u_int32_t tmp_pdu_l = 0;
 u_int16_t pdu_c = 1;
 // loop PDUs (check if lengths are valid)
- while(total_pdu_l < packet->payload_packet_len) {
+ while(total_pdu_l < (packet->payload_packet_len-4)) {
 // get next PDU length
 tmp_pdu_l = ntohl(get_u_int32_t(packet->payload, total_pdu_l));
 // if zero or overflowing , return, will try the next TCP segment
-- 
cgit v1.2.3
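Review bot: The new bound `packet->payload_packet_len-4` in the `while` condition can itself misbehave when the payload is shorter than 4 bytes. The subtraction then goes negative (or wraps), and if `total_pdu_l` is an unsigned 32-bit counter like `tmp_pdu_l` (its declaration is outside the hunk, so this is inferred), the comparison treats the bound as a very large value and the 4-byte `get_u_int32_t` read still runs past the end of the payload. Unless a check outside the hunk already guarantees a minimum payload length, write the guard so it cannot wrap, e.g. `while(packet->payload_packet_len >= 4 && total_pdu_l <= (u_int32_t)(packet->payload_packet_len - 4)) {`. The committed `<` also skips a length field that ends exactly at the end of the payload, which is safe but stricter than needed, and a short comment such as `// need 4 bytes for the PDU length field` would explain the constant. The body of `ndpi_search_smpp_tcp` starts and ends outside the hunk.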