From ccb30a04ad6f7b0e954549c3e961312b143bc511 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 8 Jul 2020 00:21:00 +0200 Subject: Fixed thunder protocol detection heap overflow caused by missing lengthcheck. * triggered by fuzz traces from wireshark Signed-off-by: Toni Uhlig --- src/lib/protocols/thunder.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 30194d153..4d477499d 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -118,6 +118,7 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct packet->content_line.len == 24 && memcmp(packet->content_line.ptr, "application/octet-stream", 24) == 0 && packet->empty_line_position_set < (packet->payload_packet_len - 8) + && packet->payload_packet_len > (packet->empty_line_position + 5) && packet->payload[packet->empty_line_position + 2] >= 0x30 && packet->payload[packet->empty_line_position + 2] < 0x40 && packet->payload[packet->empty_line_position + 3] == 0x00 -- cgit v1.2.3
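Review bot: The context line directly above the added check, `packet->empty_line_position_set < (packet->payload_packet_len - 8)`, tests what appears from its name to be the "empty line found" flag rather than `empty_line_position`, so it likely never bounded the `payload[...]` indexes, and this commit leaves it in place. If that reading is right, the added `packet->payload_packet_len > (packet->empty_line_position + 5)` is the only real bound in this condition. The older line should then either be corrected to use `empty_line_position` or be turned into an explicit flag test, so that the next reader does not mistake it for a length check. The constant 5 deserves a comment such as `/* highest offset read below is empty_line_position + 5 */`; the visible reads reach only `+ 3` and the condition continues past the end of the hunk, so confirm the highest index actually used. The diffstat shows only thunder.c changing, so the fuzz trace that exposed the over-read is not added as a regression input; committing it with the fix would guard against the bound regressing.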