aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMrRadix <edo.ermini@gmail.com>2020-07-22 13:06:08 +0200
committerMrRadix <edo.ermini@gmail.com>2020-07-22 13:06:08 +0200
commitaf5d792c0836d14668edb1477afda9949ba699e2 (patch)
tree6dbf6413898115e7cabbd022ed449ff73ad5f6c4
parent8e2cd9ff4320ead7cced1f7bb76b0ee565d88546 (diff)
added sscanf error handling
Diffstat
-rw-r--r--src/lib/protocols/ssh.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index 5d10e2c93..fa019691b 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -25,7 +25,9 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH
-#define VERSION_CUTOFF 7.0
+#define MAJOR_CUTOFF 7
+#define MINOR_CUTOFF 0
+#define PATCH_CUTOFF 0
#include "ndpi_api.h"
#include "ndpi_md5.h"
@@ -70,18 +72,29 @@ static void ssh_analyze_signature_version(struct ndpi_detection_module_struct *n
if (str_to_check == NULL) return;
- float version = 0.0;
+ int major = 0;
+ int minor = 0;
+ int patch = 0;
int obsolete_ssh_version = 0;
- sscanf(str_to_check, "SSH-%*f-OpenSSH_%f.%*s", &version);
+ if (sscanf(str_to_check, "SSH-%*f-OpenSSH_%d.%d.%d", &major, &minor, &patch) < 0)
+ return;
+
+ if ((major || minor || patch) == 0) return;
- if (version == 0.0) return;
+ /* checking if is an old version */
+ if (major < MAJOR_CUTOFF) obsolete_ssh_version = 1;
- obsolete_ssh_version = version < VERSION_CUTOFF;
+ else if (major == MAJOR_CUTOFF) {
+ if (minor < MINOR_CUTOFF) obsolete_ssh_version = 1;
+
+ else if (minor == MINOR_CUTOFF)
+ if (patch < PATCH_CUTOFF) obsolete_ssh_version = 1;
+ }
if (obsolete_ssh_version) {
#ifdef SSH_DEBUG
- printf("[SSH] [SSH Version: %.1f]\n", version);
+ printf("[SSH] [SSH Version: %d.%d.%d]\n", major, minor, patch);
#endif
NDPI_SET_BIT(flow->risk, is_client_signature ? NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER : NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER);
Powered by cgit, Themed by Ted Yin.