From 39b2786cb6e5e18e5dac66c440ca0d9ea382e70d Mon Sep 17 00:00:00 2001
From: Gabriel Ganne
Date: Wed, 6 Mar 2019 14:31:08 +0100
Subject: [PATCH] fix NULL pointer dereference get_ipv6_l4proto() get_ipv6_next() returns NULL on malformed packets. If that happens return the last proto that could be read. This should fix issue #537
---
 src/common/get.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/common/get.c b/src/common/get.c
index e6304289c..081a67ac6 100644
--- a/src/common/get.c
+++ b/src/common/get.c
@@ -536,6 +536,8 @@ get_ipv6_l4proto(const ipv6_hdr_t *ip6_hdr, int len)
 case TCPR_IPV6_NH_HBH:
 dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
 exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr, len);
+ if (exthdr == NULL)
+ return proto;
 proto = exthdr->ip_nh;
 ptr = (u_char *)exthdr;
 break;
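Review bot: The early return added after `get_ipv6_next()` hands the caller `proto`, which at that point is the extension-header type matched by the `case` labels (here `TCPR_IPV6_NH_HBH`), not a layer-4 protocol, so a truncated packet is indistinguishable from a normal result. The NULL dereference at `exthdr->ip_nh` is gone, but the malformed input passes silently; I would at least log it and say so in a comment, e.g. `if (exthdr == NULL) { /* truncated ext header: proto is still the extension type */ dbgx(3, "Malformed extension header after 0x%hhx", proto); return proto; }`. Separately, `len` is passed to `get_ipv6_next()` unchanged on every pass while `ptr` advances to `exthdr`; if that helper measures `len` from its first argument, the bound goes stale as the loop walks the chain, which is worth confirming. The rest of `get_ipv6_l4proto()` and its callers are outside this hunk.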