Merge pull request #342 from utoni/fix/ovpn-probe-read-overflow

fix possible buffer overflow
yrutschle · Aug 31, 2023 · 1f0cab2 · 1f0cab2
2 parents ff9328f + c7ddee0
commit 1f0cab2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/probe.c b/probe.c
@@ -173,13 +173,13 @@ static int is_openvpn_protocol (const char*p,ssize_t len, struct sslhcfg_protoco
          * whereas the packet id is increased with every transmitted datagram.
          */
 
-        if (len <= OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_128))
+        if (len <= OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_128) + 4)
             return PROBE_NEXT;
 
         if (ntohl(*(uint32_t*)(p + OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_128))) <= 5u)
             return PROBE_MATCH;
 
-        if (len <= OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_160))
+        if (len <= OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_160) + 4)
             return PROBE_NEXT;
 
         if (ntohl(*(uint32_t*)(p + OVPN_HARD_RESET_PACKET_ID_OFFSET(OVPN_HMAC_160))) <= 5u)