TLS: fix extraction for TLS signature algorithms

``` ==69562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6100009000fb at pc 0x7f41882003a7 bp 0x7f4183cfbfc0 sp 0x7f4183cfb768 READ of size 32 at 0x6100009000fb thread T1 #0 0x7f41882003a6 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 ntop#1 0x560b2d7462a1 in processClientServerHello protocols/tls.c:1647 ntop#2 0x560b2d73be6a in processTLSBlock protocols/tls.c:712 ntop#3 0x560b2d73e61f in ndpi_search_tls_udp protocols/tls.c:968 ```
IvanNardi · May 8, 2021 · d9f4b9f · d9f4b9f
1 parent ae2470f
commit d9f4b9f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
@@ -1642,7 +1642,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		tot_signature_algorithms_len = ndpi_min((sizeof(ja3.client.signature_algorithms) / 2) - 1, tot_signature_algorithms_len);
 
 #ifdef TLS_HANDLE_SIGNATURE_ALGORITMS
-		flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms = ndpi_min(tot_signature_algorithms_len, MAX_NUM_TLS_SIGNATURE_ALGORITHMS);
+		flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms = ndpi_min(tot_signature_algorithms_len / 2, MAX_NUM_TLS_SIGNATURE_ALGORITHMS);
 
 		memcpy(flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms,
 		       &packet->payload[s_offset], 2 /* 16 bit */*flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms);