Fix heap-overflow error in CAPWAP detunneling code

Nardi Ivan 2020-04-24 10:42:52 +02:00
parent c2ebbb15ad
commit 097127c31d


@ -1810,22 +1810,26 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
/* We dissect ONLY CAPWAP traffic */
u_int offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr);
if((offset+40) < header->caplen) {
u_int16_t msg_len = packet[offset+1] >> 1;
if((offset+1) < header->caplen) {
uint8_t preamble = packet[offset];
offset += msg_len;
if((preamble & 0x0F) == 0) { /* CAPWAP header */
u_int16_t msg_len = (packet[offset+1] & 0xF8) >> 1;
if(packet[offset] == 0x02) {
/* IEEE 802.11 Data */
offset += msg_len;
offset += 24;
/* LLC header is 8 bytes */
type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6]));
if((offset + 32 < header->caplen) && (packet[offset] == 0x02)) {
/* IEEE 802.11 Data */
ip_offset = offset + 8;
offset += 24;
/* LLC header is 8 bytes */
type = ntohs((u_int16_t)*((u_int16_t*)&packet[offset+6]));
tunnel_type = ndpi_capwap_tunnel;
goto iph_check;
ip_offset = offset + 8;
tunnel_type = ndpi_capwap_tunnel;
goto iph_check;
}
}
}
}
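Review bot: The new guard `(offset + 32 < header->caplen)` covers only the 24-byte 802.11 header and the 8-byte LLC header, so after `ip_offset = offset + 8` only the first byte at the new `ip_offset` is known to lie inside the captured data when control jumps to `iph_check`. That label is outside this hunk, so whether it compares `header->caplen` with `ip_offset` plus the inner header size cannot be confirmed from here; if it does not, a truncated CAPWAP frame could still be read past the end of the capture buffer. I would either confirm that check at the label or record the contract here with a comment such as `/* 24 (802.11) + 8 (LLC): only packet[ip_offset] is guaranteed; iph_check must validate the inner header length */`. Separately, `type` is still read through a `u_int16_t *` cast of `&packet[offset+6]`, which may be a misaligned access; copying the two bytes with `memcpy` into a local `u_int16_t` before `ntohs` avoids it.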