blob: cd34875890cd1eb3b9e7d198e6ca19e9bf09634c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
From 6735bb35c65c60a777557c3277546d5801729995 Mon Sep 17 00:00:00 2001
From: Alfredo Cardigliano <alfredo.cardigliano@gmail.com>
Date: Tue, 21 Jul 2020 00:46:37 +0200
Subject: [PATCH] Fix oob in kerberos dissector
---
src/lib/protocols/kerberos.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 2bacbf51..2ed824fa 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -185,7 +185,8 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
body_offset = koffsetp + 1 + pad_len;
- for(i=0; i<10; i++) if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
+ for(i=0; i<10 && body_offset < packet->payload_packet_len; i++)
+ if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
#ifdef KERBEROS_DEBUG
printf("body_offset=%u [%02X %02X] [byte 0 must be 0x05]\n", body_offset, packet->payload[body_offset], packet->payload[body_offset+1]);
#endif
|