Heap-buffer-overflow fix

ntop · Nov 4, 2024 · 4e18a56 · 4e18a56
1 parent b63f74a
commit 4e18a56
Showing 1 changed file with 18 additions and 15 deletions.
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
@@ -1034,23 +1034,26 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
                                   "Digest", packet->authorization_line.len))) {
         size_t content_len;
         u_int len = b ? 7 : 6;
-        u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len],
-                                             packet->authorization_line.len - len, &content_len);
 
-        if(content != NULL) {
-          char *double_dot = strchr((char*)content, ':');
-
-          if(double_dot) {
-            double_dot[0] = '\0';
-            flow->http.username = ndpi_strdup((char*)content);
-            flow->http.password = ndpi_strdup(&double_dot[1]);
-          }
-
-          ndpi_free(content);
-        }
+	if(packet->authorization_line.len > len) {
+	  u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len],
+					       packet->authorization_line.len - len, &content_len);
+
+	  if(content != NULL) {
+	    char *double_dot = strchr((char*)content, ':');
+
+	    if(double_dot) {
+	      double_dot[0] = '\0';
+	      flow->http.username = ndpi_strdup((char*)content);
+	      flow->http.password = ndpi_strdup(&double_dot[1]);
+	    }
+
+	    ndpi_free(content);
+	  }
 
-        ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS,
-                      "Found credentials in HTTP Auth Line");
+	  ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS,
+			"Found credentials in HTTP Auth Line");
+	}
       }
     }
   }