Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed use after free caused by dangling pointer
 * This fix also improved RCE Injection detection

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
  • Loading branch information
utoni committed Jun 21, 2020
1 parent fd0591b commit 6a9f5e4
Show file tree
Hide file tree
Showing 4 changed files with 55 additions and 51 deletions.
3 changes: 2 additions & 1 deletion src/lib/ndpi_main.c
Expand Up @@ -4336,7 +4336,8 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) {
packet->accept_line.len = 0, packet->user_agent_line.ptr = NULL, packet->user_agent_line.len = 0,
packet->http_url_name.ptr = NULL, packet->http_url_name.len = 0, packet->http_encoding.ptr = NULL,
packet->http_encoding.len = 0, packet->http_transfer_encoding.ptr = NULL, packet->http_transfer_encoding.len = 0,
packet->http_contentlen.ptr = NULL, packet->http_contentlen.len = 0, packet->http_cookie.ptr = NULL,
packet->http_contentlen.ptr = NULL, packet->http_contentlen.len = 0, packet->content_disposition_line.ptr = NULL,
packet->content_disposition_line.len = 0, packet->http_cookie.ptr = NULL,
packet->http_cookie.len = 0, packet->http_origin.len = 0, packet->http_origin.ptr = NULL,
packet->http_x_session_type.ptr = NULL, packet->http_x_session_type.len = 0, packet->server_line.ptr = NULL,
packet->server_line.len = 0, packet->http_method.ptr = NULL, packet->http_method.len = 0,
Expand Down
Binary file added tests/pcap/http-crash-content-disposition.pcap
Binary file not shown.

0 comments on commit 6a9f5e4

Please sign in to comment.