From 4e18a56d61e2c73e972bfd9d8a2ed72a57d2f0ee Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 4 Nov 2024 08:34:01 +0100 Subject: [PATCH] Heap-buffer-overflow fix --- src/lib/protocols/http.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index bdbd74f4016..fb1cf446bc3 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1034,23 +1034,26 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ "Digest", packet->authorization_line.len))) { size_t content_len; u_int len = b ? 7 : 6; - u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len], - packet->authorization_line.len - len, &content_len); - if(content != NULL) { - char *double_dot = strchr((char*)content, ':'); - - if(double_dot) { - double_dot[0] = '\0'; - flow->http.username = ndpi_strdup((char*)content); - flow->http.password = ndpi_strdup(&double_dot[1]); - } - - ndpi_free(content); - } + if(packet->authorization_line.len > len) { + u_char *content = ndpi_base64_decode((const u_char*)&packet->authorization_line.ptr[len], + packet->authorization_line.len - len, &content_len); + + if(content != NULL) { + char *double_dot = strchr((char*)content, ':'); + + if(double_dot) { + double_dot[0] = '\0'; + flow->http.username = ndpi_strdup((char*)content); + flow->http.password = ndpi_strdup(&double_dot[1]); + } + + ndpi_free(content); + } - ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS, - "Found credentials in HTTP Auth Line"); + ndpi_set_risk(flow, NDPI_CLEAR_TEXT_CREDENTIALS, + "Found credentials in HTTP Auth Line"); + } } } }