From 04a426feef3399a2354b4aa10ee2a28cf107fb45 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Sat, 25 Mar 2023 19:19:51 +0100
Subject: [PATCH] ndpiReader: fix VXLAN de-tunneling (#1913)

```
==20665==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000aec81 at pc 0x0000004f5c6f bp 0x7fff07e9e1f0 sp 0x7fff07e9e1e8
READ of size 1 at 0x6040000aec81 thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
    #0 0x4f5c6e in ndpi_is_valid_vxlan ndpi/example/reader_util.c:1784:6
    #1 0x4f5c6e in ndpi_workflow_process_packet ndpi/example/reader_util.c:2292:16
    #2 0x4dd821 in LLVMFuzzerTestOneInput ndpi/fuzz/fuzz_ndpi_reader.c:135:7
    #3 0x4f91ba in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:234:7
    #4 0x4f8f8c in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:318:12
    #5 0x7f2289324082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
    #6 0x41e6cd in _start
```
Found by oss-fuzz.
See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57369
---
 example/reader_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/example/reader_util.c b/example/reader_util.c
index f5705bec0d6..678b454b76b 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1746,7 +1746,7 @@ int ndpi_is_datalink_supported(int datalink_type) {
 }
 
 static bool ndpi_is_valid_vxlan(const struct pcap_pkthdr *header, const u_char *packet, u_int16_t ip_offset, u_int16_t ip_len){
-  if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_vxlanhdr)) {
+  if(header->caplen < ip_offset + ip_len + sizeof(struct ndpi_udphdr) + sizeof(struct ndpi_vxlanhdr)) {
     return false;
   }
   u_int32_t vxlan_dst_port  = ntohs(4789);