author | Toni <matzeton@googlemail.com> | 2023-05-20 16:18:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-20 16:18:52 +0200 |
commit | 5e8f93c2d157b4af818bc80b2737ee17e920e8e9 (patch) | |
tree | fe4b1c70eb91dacfc139388c5e33dda0d3499b16 | |
parent | 8f718c90519171e09e4e9877bf3c59cc6343c794 (diff) |
Improved missing usage of nDPIs malloc wrapper. Fixes #1978. (#1979)
* added CI check
Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r-- | .github/workflows/build.yml | 8 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 1 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/ndpi_serializer.c | 4 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 6 | ||||
-rw-r--r-- | src/lib/third_party/src/gcrypt/aesni.c | 2 | ||||
-rw-r--r-- | src/lib/third_party/src/gcrypt_light.c | 2 | ||||
-rwxr-xr-x | utils/check_symbols.sh | 41 |
8 files changed, 57 insertions, 9 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20ddbeacd..2cbc50b95 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -300,12 +300,18 @@ jobs: - name: Print nDPI long help if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows') run: | - ./example/ndpiReader -H + ./example/ndpiReader -H - name: Install nDPI if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows') run: | make install DESTDIR=$(realpath _install) ls -alhHR _install + - name: Test nDPI [SYMBOLS] + if: (startsWith(matrix.os, 'ubuntu') || startsWith(matrix.os, 'mac')) && startsWith(matrix.arch, 'x86_64') + run: | + ./utils/check_symbols.sh || { FAILED=$?; echo "::error file=${NDPI_LIB}::Unwanted libc symbols found: ${FAILED}. Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free."; false; } + env: + NDPI_LIB: src/lib/libndpi.a - name: Test nDPI [DIFF] if: startsWith(matrix.arch, 'x86_64') && !startsWith(matrix.os, 'windows') run: | diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 48a3c0f24..c00627153 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc 
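Review bot: The new `Test nDPI [SYMBOLS]` step is also enabled for `mac` runners, where it probably cannot fail: Mach-O prefixes C symbols with an underscore, so `nm` reports `_malloc`/`_free` and the anchored pattern `'^\(malloc\|calloc\|realloc\|free\)$'` in utils/check_symbols.sh never matches. A check that silently passes gives false assurance that the allocator wrappers are used everywhere. Either restrict the condition to `if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64')` or let the script accept an optional leading underscore. Separately, `NDPI_LIB` from `env:` only feeds the error annotation, because the script takes the library path from its first argument; passing `"${NDPI_LIB}"` to the script would keep the two in sync.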
@@ -1164,6 +1164,7 @@ static ndpi_protocol_match host_match[] = { "zattosecurehd2-f.akamaihd.net", "Zattoo", NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "classroom.google.com", "GoogleClassroom", NDPI_PROTOCOL_GOOGLE_CLASSROOM, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "backup.googleapis.com", "GoogleCloud", NDPI_PROTOCOL_GOOGLE_CLOUD, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "fortinet.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "sophos.com", "Cybersec", NDPI_PROTOCOL_CYBERSECURITY, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9fd4ab118..fb8ac2060 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3353,7 +3353,7 @@ static void free_ptree_data(void *data) { while(item != NULL) { struct patricia_uv16_list *next = item->next; - free(item); + ndpi_free(item); item = next; } } diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c index 9d3fe9892..08b7734f7 100644 --- a/src/lib/ndpi_serializer.c +++ b/src/lib/ndpi_serializer.c @@ -432,13 +432,13 @@ void ndpi_term_serializer(ndpi_serializer *_serializer) { ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer; if(serializer->buffer.data) { - free(serializer->buffer.data); + ndpi_free(serializer->buffer.data); serializer->buffer.size = 0; serializer->buffer.data = NULL; } if(serializer->header.data) { - free(serializer->header.data); + ndpi_free(serializer->header.data); serializer->header.size = 0; serializer->header.data = NULL; } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 8020ea540..c527cefb1 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
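Review bot: Replacing `free(item)` with `ndpi_free(item)` in free_ptree_data is only correct if every `item` was obtained from ndpi_malloc/ndpi_calloc/ndpi_realloc; the function body begins above the hunk and the allocation site is not visible, so that pairing cannot be confirmed here. If ndpi_free can dispatch to an application-supplied allocator, handing it a pointer that came from libc corrupts that allocator's heap. The same pairing needs checking for the other swaps in this commit: ndpi_term_serializer, ndpi_hash_free, the `risk_infos[i].info` loop, and most of all `ndpi_free(line)` in aesni.c, where `line` sits next to `fclose(fd)` and looks like a buffer filled by a libc line reader such as getline(), which would have to stay `free(line);`. A one-line comment at each call naming the matching allocation, e.g. `/* allocated with ndpi_malloc() in <allocation site> */`, would make the pairing auditable.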
@@ -1738,7 +1738,7 @@ static void ndpi_compile_rce_regex() { #endif } - free((void *)pcreErrorStr); + ndpi_free((void *)pcreErrorStr); } static int ndpi_is_rce_injection(char* query) { @@ -2253,7 +2253,7 @@ void ndpi_hash_free(ndpi_str_hash **h, void (*cleanup_func)(ndpi_str_hash *h)) { cleanup_func((ndpi_str_hash *)current); } - free(current); + ndpi_free(current); } *h = NULL; @@ -2415,7 +2415,7 @@ static void ndpi_handle_risk_exceptions(struct ndpi_detection_module_struct *ndp */ for(i=0; i<flow->num_risk_infos; i++) { if(flow->risk_infos[i].info != NULL) { - free(flow->risk_infos[i].info); + ndpi_free(flow->risk_infos[i].info); flow->risk_infos[i].info = NULL; } } diff --git a/src/lib/third_party/src/gcrypt/aesni.c b/src/lib/third_party/src/gcrypt/aesni.c index d1379de6f..3ddf8cabe 100644 --- a/src/lib/third_party/src/gcrypt/aesni.c +++ b/src/lib/third_party/src/gcrypt/aesni.c @@ -97,7 +97,7 @@ int mbedtls_aesni_has_support( unsigned int what ) break; /* We giveup */ } - free(line); + ndpi_free(line); fclose(fd); has_aesni_checked = 1; diff --git a/src/lib/third_party/src/gcrypt_light.c b/src/lib/third_party/src/gcrypt_light.c index 512f67bb5..5a4321e75 100644 --- a/src/lib/third_party/src/gcrypt_light.c +++ b/src/lib/third_party/src/gcrypt_light.c @@ -22,7 +22,7 @@ /****************************/ #define mbedtls_calloc ndpi_calloc -#define mbedtls_free ndpi_free +#define mbedtls_free ndpi_free #include "gcrypt_light.h" diff --git a/utils/check_symbols.sh b/utils/check_symbols.sh new file mode 100755 index 000000000..32f4fac89 --- /dev/null +++ b/utils/check_symbols.sh 
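Review bot: `ndpi_free((void *)pcreErrorStr);` at the end of ndpi_compile_rce_regex frees a pointer that, judging by its name and the cast away from `const`, is the error-message pointer filled in by pcre_compile()/pcre_study(); the assignments are above the hunk, so this needs confirming. PCRE documents that message as static text owned by the library which must not be freed, so the call is undefined behaviour whenever an error was reported, and routing it through ndpi_free additionally passes a foreign pointer to any custom allocator. The line should be deleted rather than converted. utils/check_symbols.sh skips `[ndpi_utils.o]`, so CI will not flag raw libc calls in this file either way.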
@@ -0,0 +1,41 @@
+#!/usr/bin/env sh
+
+set -e
+
+SCRIPT_DIR="$(realpath $(dirname ${0}))"
+NDPI_LIB="${1:-${SCRIPT_DIR}/../src/lib/libndpi.a}"
+
+if [ ! -r "${NDPI_LIB}" ]; then
+ printf '%s\n' "${0}: nDPI static library '$(realpath ${NDPI_LIB})' not found."
+ exit 1
+fi
+
+FAIL_COUNT=0
+CURRENT_OBJECT=''
+for line in `nm -P -u "${NDPI_LIB}"`; do
+ OBJECT="$(printf '%s' "${line}" | grep -E "^${NDPI_LIB}\[.*\.o\]:" | grep -oE "\[.*\.o\]" || true)"
+ if [ ! -z "${OBJECT}" ]; then
+ CURRENT_OBJECT="${OBJECT}"
+ fi
+
+ #printf '%s\n' "${line}"
+ FOUND_SYMBOL="$(printf '%s' "${line}" | grep '^\(malloc\|calloc\|realloc\|free\)$' || true)"
+
+ if [ ! -z "${FOUND_SYMBOL}" ]; then
+ SKIP=0
+ case "${CURRENT_OBJECT}" in
+ '[ndpi_utils.o]'|'[ndpi_memory.o]'|'[roaring.o]') SKIP=1 ;;
+ esac
+
+ if [ ${SKIP} -eq 0 ]; then
+ FAIL_COUNT="$(expr ${FAIL_COUNT} + 1)"
+ printf '%s: %s\n' "${CURRENT_OBJECT}" "${FOUND_SYMBOL}"
+ fi
+ fi
+done
+
+printf 'Unwanted symbols found: %s\n' "${FAIL_COUNT}"
+if [ ${FAIL_COUNT} -gt 0 ]; then
+ printf '%s\n' 'Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free'
+fi
+exit ${FAIL_COUNT} |
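Review bot: The `for line in ...` loop over the backquoted `nm -P -u "${NDPI_LIB}"` fails open: the exit status of a command substitution in a for-list is discarded, so `set -e` does not stop the script when `nm` is missing or rejects the archive, the body never runs, and the script exits 0 after printing "Unwanted symbols found: 0". Capturing the output first with `NM_OUT="$(nm -P -u "${NDPI_LIB}")"` makes a failing `nm` abort under `set -e`, and a guard that at least one `[*.o]` member header was seen would catch an empty result. `exit ${FAIL_COUNT}` also wraps modulo 256, so exactly 256 findings exit 0, and a single finding is indistinguishable from the `exit 1` used for a missing library. Printing the count and ending with `[ ${FAIL_COUNT} -eq 0 ] || exit 1` keeps the gate unambiguous.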