ndpiReader: fix VXLAN de-tunneling

``` ==20665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000aec81 at pc 0x0000004f5c6f bp 0x7fff07e9e1f0 sp 0x7fff07e9e1e8 READ of size 1 at 0x6040000aec81 thread T0 SCARINESS: 12 (1-byte-read-heap-buffer-overflow) #0 0x4f5c6e in ndpi_is_valid_vxlan ndpi/example/reader_util.c:1784:6 #1 0x4f5c6e in ndpi_workflow_process_packet ndpi/example/reader_util.c:2292:16 #2 0x4dd821 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_ndpi_reader.c:135:7 #3 0x4f91ba in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:234:7 #4 0x4f8f8c in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:318:12 #5 0x7f2289324082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16 #6 0x41e6cd in _start ``` Found by oss-fuzz. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57369
ntop · Mar 25, 2023 · 82006cd · 82006cd
1 parent ddb9aa0
commit 82006cd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/example/reader_util.c b/example/reader_util.c
@@ -1746,7 +1746,7 @@ int ndpi_is_datalink_supported(int datalink_type) {
 }
 
 static bool ndpi_is_valid_vxlan(const struct pcap_pkthdr *header, const u_char *packet, u_int16_t ip_offset, u_int16_t ip_len){
-  if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_vxlanhdr)) {
+  if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr) + sizeof(struct ndpi_vxlanhdr)) {
     return false;
   }
   u_int32_t vxlan_dst_port  = ntohs(4789);