From a3da5604a38a1b2b240a9d692dade086148eb2e4 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Mon, 10 Feb 2020 15:25:40 +0100
Subject: Allocation fix in kerberos dissector
---
 src/lib/protocols/kerberos.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index ca5f73c5c..2bacbf510 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -105,13 +105,22 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 */
 if(kerberos_len > expected_len) {
 if(packet->tcp) {
- if(flow->kerberos_buf.pktbuf == NULL)
+ if(flow->kerberos_buf.pktbuf == NULL) {
 flow->kerberos_buf.pktbuf = (char*)ndpi_malloc(kerberos_len+4);
+
+ if(flow->kerberos_buf.pktbuf != NULL) {
+ flow->kerberos_buf.pktbuf_maxlen = kerberos_len+4;
+#ifdef KERBEROS_DEBUG
+ printf("[Kerberos] Allocated %u bytes\n", flow->kerberos_buf.pktbuf_maxlen);
+#endif
+ }
+ }
 if(flow->kerberos_buf.pktbuf != NULL) {
- flow->kerberos_buf.pktbuf_maxlen = kerberos_len+4;
- memcpy(flow->kerberos_buf.pktbuf, packet->payload, packet->payload_packet_len);
- flow->kerberos_buf.pktbuf_currlen = packet->payload_packet_len;
+ if(packet->payload_packet_len <= flow->kerberos_buf.pktbuf_maxlen) {
+ memcpy(flow->kerberos_buf.pktbuf, packet->payload, packet->payload_packet_len);
+ flow->kerberos_buf.pktbuf_currlen = packet->payload_packet_len;
+ }
 }
 }
-- 
cgit v1.2.3
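Review bot: The new bounds check inside the `if(flow->kerberos_buf.pktbuf != NULL)` block has no else path, so a segment larger than `pktbuf_maxlen` is dropped silently while the buffer stays allocated and `pktbuf_currlen` keeps whatever value it had; any later reassembly code (outside this hunk) would then work from stale state. Consider discarding the buffer on that path, e.g. `else { ndpi_free(flow->kerberos_buf.pktbuf); flow->kerberos_buf.pktbuf = NULL; flow->kerberos_buf.pktbuf_maxlen = flow->kerberos_buf.pktbuf_currlen = 0; }`. Separately, `kerberos_len+4` still sizes the allocation and appears to derive from a length field in the packet; its type and any upper bound are not visible here, so a cap before `ndpi_malloc` and a check that the sum fits the width of `pktbuf_maxlen` would be worth adding. The body of ndpi_search_kerberos starts and ends outside the hunk.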