From 51e8795bbbf94f411225e40479e3ad7e285b86e0 Mon Sep 17 00:00:00 2001
From: lns <matzeton@googlemail.com>
Date: Sat, 4 Jun 2022 00:33:32 +0200
Subject: [PATCH] Fix syslog heap overflow introduced in
 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c.

 - fixes #1578

Signed-off-by: lns <matzeton@googlemail.com>
---
 src/lib/protocols/syslog.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index 406bf5e8fcc..866e0a0c0c2 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -68,7 +68,7 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
       NDPI_LOG_DBG2(ndpi_struct, "no blank following the >: do nothing\n");
     }
 
-    while (i < packet->payload_packet_len)
+    while (i < packet->payload_packet_len - 1)
     {
         if (ndpi_isalnum(packet->payload[i]) == 0)
         {
@@ -86,8 +86,7 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
 
     if (packet->payload[i] == ':')
     {
-        i++;
-        if (i >= packet->payload_packet_len ||
+        if (++i >= packet->payload_packet_len ||
             packet->payload[i] != ' ')
         {
             NDPI_EXCLUDE_PROTO(ndpi_struct, flow);