From d86d632fe63114792a1fa150f8290e12bfa8f71d Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Fri, 24 Jan 2020 21:04:27 +0100
Subject: Added memory boundary check in HTTP dissector

---
 src/lib/protocols/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 14be88246..00522cfb9 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -300,7 +300,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 	      setHttpUserAgent(ndpi_struct, flow, token);
 	  }
 	}
-      } else if(memcmp(ua, "netflix-ios-app", 15) == 0) {
+      } else if((packet->user_agent_line.len > 14) && (memcmp(ua, "netflix-ios-app", 15) == 0)) {
 	NDPI_LOG_INFO(ndpi_struct, "found netflix\n");
       	ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING);
       	return;
-- 
cgit v1.2.3