1 files changed, 16 insertions, 0 deletions

diff --git a/net-libs/nDPI/files/nDPI-3.4-fix-oob-in-kerberos-dissector.patch b/net-libs/nDPI/files/nDPI-3.4-fix-oob-in-kerberos-dissector.patch
new file mode 100644
index 000000000000..7e8f381cdeab
--- /dev/null
+++ b/net-libs/nDPI/files/nDPI-3.4-fix-oob-in-kerberos-dissector.patch
@@ -0,0 +1,16 @@
+Sourced from https://github.com/gentoo/gentoo/commit/c02681fcb7839ac1829ec09394334ddbca1b0aea
+
+diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
+index fa0ab6cb..32319668 100644
+--- a/src/lib/protocols/kerberos.c
++++ b/src/lib/protocols/kerberos.c
+@@ -189,7 +189,8 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
+ 
+ 	      body_offset = koffsetp + 1 + pad_len;
+ 
+-	      for(i=0; i<10; i++) if(body_offset<packet->payload_packet_len && packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
++	      for(i=0; i<10 && body_offset < packet->payload_packet_len; i++)
++  	        if(packet->payload[body_offset] != 0x05) body_offset++; /* ASN.1 */
+ #ifdef KERBEROS_DEBUG
+ 	      printf("body_offset=%u [%02X %02X] [byte 0 must be 0x05]\n", body_offset, packet->payload[body_offset], packet->payload[body_offset+1]);
+ #endif