Hardening fixes for packer parsing

Luca Deri 2019-05-03 18:08:12 +02:00
parent 361ab030bc
commit e99a0abfba
2 changed files with 7 additions and 3 deletions


@ -5036,7 +5036,8 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
packet->line[packet->parsed_lines].ptr = packet->payload;
packet->line[packet->parsed_lines].len = 0;
for(a = 0; a < packet->payload_packet_len; a++) {
for(a = 0; (a < packet->payload_packet_len)
&& (packet->parsed_lines < NDPI_MAX_PARSE_LINES_PER_PACKET); a++) {
if((a + 1) == packet->payload_packet_len)
return; /* Return if only one byte remains (prevent invalid reads past end-of-buffer) */
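Review bot: The new `parsed_lines < NDPI_MAX_PARSE_LINES_PER_PACKET` bound in the `for` condition is tested only at the top of each iteration, so it may not stop a write that happens inside the body. The loop body is outside this hunk; if it increments `parsed_lines` and then initialises `packet->line[packet->parsed_lines]` the way the two lines before the loop do, the slot at index `NDPI_MAX_PARSE_LINES_PER_PACKET` can still be written once before the condition ends the loop. Whether that slot is in bounds depends on the declared size of `packet->line`, which is not visible here. If the array has exactly that many entries, stop one slot earlier with `&& (packet->parsed_lines < (NDPI_MAX_PARSE_LINES_PER_PACKET - 1))`, or check the counter right after the increment. A short comment stating that the cap protects `packet->line[]` from overflow on payloads with many line breaks would also help.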


@ -58,13 +58,16 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct
NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n");
if (packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) {
if((packet->payload_packet_len > 2)
&& (packet->parsed_lines < NDPI_MAX_PARSE_LINES_PER_PACKET)
&& (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)
) {
u_int8_t a;
u_int8_t bit_count = 0;
NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow,packet);
for (a = 0; a < packet->parsed_lines; a++) {
for (a = 0; a < packet->parsed_lines; a++) {
// expected server responses
if (packet->line[a].len >= 3) {
if (memcmp(packet->line[a].ptr, "220", 3) == 0) {
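Review bot: The `packet->parsed_lines < NDPI_MAX_PARSE_LINES_PER_PACKET` test in the new `if` runs before `NDPI_PARSE_PACKET_LINE_INFO` is invoked, so it checks the counter as it stood before this call, not the value the loop below iterates over. The macro's definition is not visible here; if it re-parses the payload and updates `parsed_lines`, this guard does not bound the `packet->line[a]` reads, and a stale count at the cap would skip SMTP inspection of the packet altogether. Bounding the loop itself is more direct: `for (a = 0; a < packet->parsed_lines && a < NDPI_MAX_PARSE_LINES_PER_PACKET; a++) {`. Separately, `a` is declared `u_int8_t`, which only works while the line cap stays below 256; a comment or a wider index type would make that assumption explicit. The function body continues past the end of this hunk.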