diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-12 13:30:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-12 13:30:43 +0100 |
| commit | dd8be1fcb11089b22ab5eb7332d5640b4cae80b0 (patch) | |
| tree | 775a44bbbaeced406a3df3931f5d786f7a517e15 | |
| parent | 0aea509e23e0f0bd368f4796dcf0542d5c9108c7 (diff) | |
Fix some warnings reported by CODESonar (#2227)
Remove some unreached/duplicated code.
Add error checking for `atoi()` calls.
About `isdigit()` and similar functions. The warning reported is:
```
Negative Character Value help
isdigit() is invoked here with an argument of signed type char, but only
has defined behavior for int arguments that are either representable
as unsigned char or equal to the value of macro EOF(-1).
Casting the argument to unsigned char will avoid the undefined behavior.
In a number of libc implementations, isdigit() is implemented using lookup
tables (arrays): passing in a negative value can result in a read underrun.
```
Switching to our macros fix that.
Add a check to `check_symbols.sh` to avoid using the original functions
from libc.
| -rw-r--r-- | example/ndpiReader.c | 2 | ||||
| -rw-r--r-- | example/reader_util.c | 6 | ||||
| -rw-r--r-- | src/lib/ndpi_analyze.c | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_classify.c | 6 | ||||
| -rw-r--r-- | src/lib/ndpi_domain_classify.c | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 66 | ||||
| -rw-r--r-- | src/lib/ndpi_serializer.c | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/checkmk.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/dns.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 12 | ||||
| -rw-r--r-- | src/lib/protocols/kerberos.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/mqtt.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/protobuf.c | 5 | ||||
| -rw-r--r-- | src/lib/protocols/tcp_udp.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/telegram.c | 2 | ||||
| -rw-r--r-- | src/lib/third_party/src/gcrypt_light.c | 10 | ||||
| -rw-r--r-- | src/lib/third_party/src/ndpi_patricia.c | 7 | ||||
| -rw-r--r-- | src/lib/third_party/src/strptime.c | 8 | ||||
| -rwxr-xr-x | utils/check_symbols.sh | 4 |
20 files changed, 72 insertions, 85 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index eefeb8329..6cc01ed5d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1963,7 +1963,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "[Payload: "); for(i=0; i<flow->flow_payload_len; i++) - fprintf(out, "%c", isspace(flow->flow_payload[i]) ? '.' : flow->flow_payload[i]); + fprintf(out, "%c", ndpi_isspace(flow->flow_payload[i]) ? '.' : flow->flow_payload[i]); fprintf(out, "]"); } diff --git a/example/reader_util.c b/example/reader_util.c index b69a11105..f97198c1e 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -129,7 +129,7 @@ int ndpi_analyze_payload(struct ndpi_flow_info *flow, #ifdef DEBUG_PAYLOAD u_int16_t i; for(i=0; i<payload_len; i++) - printf("%c", isprint(payload[i]) ? payload[i] : '.'); + printf("%c", ndpi_isprint(payload[i]) ? payload[i] : '.'); printf("\n"); #endif @@ -247,7 +247,7 @@ static void print_payload_stat(struct payload_stats *p, FILE *out) { fprintf(out, "\t["); for(i=0; i<p->pattern_len; i++) { - fprintf(out, "%c", isprint(p->pattern[i]) ? p->pattern[i] : '.'); + fprintf(out, "%c", ndpi_isprint(p->pattern[i]) ? p->pattern[i] : '.'); } fprintf(out, "]"); @@ -255,7 +255,7 @@ static void print_payload_stat(struct payload_stats *p, FILE *out) { fprintf(out, "["); for(i=0; i<p->pattern_len; i++) { - fprintf(out, "%s%02X", (i > 0) ? " " : "", isprint(p->pattern[i]) ? p->pattern[i] : '.'); + fprintf(out, "%s%02X", (i > 0) ? " " : "", ndpi_isprint(p->pattern[i]) ? p->pattern[i] : '.'); } fprintf(out, "]"); diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index d1b1c38ec..bcfe60a18 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -148,7 +148,7 @@ float ndpi_data_average(struct ndpi_analyze_struct *s) { if((!s) || (s->num_data_entries == 0)) return(0); - return((s->num_data_entries == 0) ? 0 : ((float)s->sum_total / (float)s->num_data_entries)); + return((float)s->sum_total / (float)s->num_data_entries); } /* ********************************************************************************* */ diff --git a/src/lib/ndpi_classify.c b/src/lib/ndpi_classify.c index b8bf8213d..78a5222a6 100644 --- a/src/lib/ndpi_classify.c +++ b/src/lib/ndpi_classify.c @@ -559,9 +559,9 @@ ndpi_classify (const unsigned short *pkt_len, const pkt_timeval *pkt_time, void ndpi_update_params (classifier_type_codes_t param_type, const char *param_file) { - float param; + float param = 0.0; FILE *fp; - int count = 0; + int count; switch (param_type) { case (SPLT_PARAM_TYPE): @@ -711,7 +711,7 @@ ndpi_log_timestamp(char *log_ts, uint32_t log_ts_len) { pkt_timeval tv; time_t nowtime; - struct tm nowtm_r; + struct tm nowtm_r = { 0 }; char tmbuf[NDPI_TIMESTAMP_LEN]; gettimeofday(&tv, NULL); diff --git a/src/lib/ndpi_domain_classify.c b/src/lib/ndpi_domain_classify.c index a289f2c41..2ca071ca0 100644 --- a/src/lib/ndpi_domain_classify.c +++ b/src/lib/ndpi_domain_classify.c @@ -224,7 +224,7 @@ bool ndpi_domain_classify_contains(ndpi_domain_classify *s, if((!strcmp(dot, ".arpa")) || (!strcmp(dot, ".local"))) return(false); /* This is a number or a numeric IP or similar */ - if(isdigit(domain[len-1]) && isdigit(domain[0])) { + if(ndpi_isdigit(domain[len-1]) && isdigit(domain[0])) { #ifdef DEBUG_CONTAINS printf("[contains] %s INVALID\n", domain); #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d9ba5b952..d870ffe5c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4539,7 +4539,7 @@ int ndpi_load_categories_file(struct ndpi_detection_module_struct *ndpi_str, int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd, void *user_data) { char buffer[512], *line, *name, *category, *saveptr; - int len, num = 0; + int len, num = 0, cat_id; if(!ndpi_str || !fd) return(-1); @@ -4562,12 +4562,17 @@ int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, category = strtok_r(NULL, "\t", &saveptr); if(category) { - int rc = ndpi_load_category(ndpi_str, name, - (ndpi_protocol_category_t) atoi(category), - user_data); + const char *errstrp; + cat_id = ndpi_strtonum(category, 1, NDPI_PROTOCOL_NUM_CATEGORIES - 1, &errstrp, 10); + if(errstrp == NULL) { + + int rc = ndpi_load_category(ndpi_str, name, + (ndpi_protocol_category_t)cat_id, + user_data); - if(rc >= 0) - num++; + if(rc >= 0) + num++; + } } } } @@ -4634,7 +4639,7 @@ int ndpi_load_category_file(struct ndpi_detection_module_struct *ndpi_str, line[i] = '\0'; break; } - if (line[i] != '-' && line[i] != '.' && isalnum(line[i]) == 0 + if (line[i] != '-' && line[i] != '.' && ndpi_isalnum(line[i]) == 0 /* non standard checks for the sake of compatibility */ && line[i] != '_') break; @@ -4689,19 +4694,19 @@ int ndpi_load_categories_dir(struct ndpi_detection_module_struct *ndpi_str, /* Check if the format is <proto it>_<string>.<extension> */ if((underscore = strchr(dp->d_name, '_')) != NULL) { - ndpi_protocol_category_t proto_id; + int cat_id; + const char *errstrp; underscore[0] = '\0'; - proto_id = (ndpi_protocol_category_t)atoi(dp->d_name); - - if((proto_id > 0) && (proto_id < (u_int16_t)NDPI_LAST_IMPLEMENTED_PROTOCOL)) { + cat_id = ndpi_strtonum(dp->d_name, 1, NDPI_PROTOCOL_NUM_CATEGORIES - 1, &errstrp, 10); + if(errstrp == NULL) { /* Valid file */ char path[512]; underscore[0] = '_'; snprintf(path, sizeof(path), "%s/%s", dir_path, dp->d_name); - if (ndpi_load_category_file(ndpi_str, path, proto_id) < 0) { + if (ndpi_load_category_file(ndpi_str, path, (ndpi_protocol_category_t)cat_id) < 0) { NDPI_LOG_ERR(ndpi_str, "Failed to load '%s'\n", path); failed_files++; }else @@ -5975,9 +5980,6 @@ int ndpi_handle_ipv6_extension_headers(u_int16_t l3len, const u_int8_t **l4ptr, *nxt_hdr = (*l4ptr)[0]; - if(*l4len < ehdr_len) - return(1); - *l4len -= ehdr_len; (*l4ptr) += ehdr_len; } @@ -6033,8 +6035,7 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru if(l3 == NULL || l3_len < sizeof(struct ndpi_iphdr)) return(1); - if((iph = (const struct ndpi_iphdr *) l3) == NULL) - return(1); + iph = (const struct ndpi_iphdr *) l3; if(iph->version == IPVERSION && iph->ihl >= 5) { NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n"); @@ -6483,7 +6484,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, for(i=0; (i<packet->payload_packet_len) && (flow->flow_payload_len < ndpi_str->max_payload_track_len); i++) { flow->flow_payload[flow->flow_payload_len++] = - (isprint(packet->payload[i]) || isspace(packet->payload[i])) ? packet->payload[i] : '.'; + (ndpi_isprint(packet->payload[i]) || ndpi_isspace(packet->payload[i])) ? packet->payload[i] : '.'; } } } @@ -7019,7 +7020,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s (MS Teams uses Skype as transport protocol for voice/video) */ case NDPI_PROTOCOL_MSTEAMS: - if(flow && (flow->l4_proto == IPPROTO_TCP)) { + if(flow->l4_proto == IPPROTO_TCP) { // printf("====>> NDPI_PROTOCOL_MSTEAMS\n"); if(ndpi_str->msteams_cache) @@ -7031,7 +7032,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s break; case NDPI_PROTOCOL_STUN: - if(flow && (flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE)) + if(flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE) ndpi_reconcile_msteams_udp(ndpi_str, flow, NDPI_PROTOCOL_STUN); break; @@ -7054,8 +7055,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s When Teams is unable to communicate via UDP it switches to TLS.TCP. Let's try to catch it */ - if(flow - && (flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE) + if((flow->guessed_protocol_id_by_ip == NDPI_PROTOCOL_MICROSOFT_AZURE) && (ret->master_protocol == NDPI_PROTOCOL_UNKNOWN) && ndpi_str->msteams_cache ) { @@ -9081,7 +9081,7 @@ const char *ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str } if((category >= NDPI_PROTOCOL_CATEGORY_CUSTOM_1) && (category <= NDPI_PROTOCOL_CATEGORY_CUSTOM_5)) { - switch(category) { + switch((int)category) { case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: return(ndpi_str->custom_category_labels[0]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: @@ -9092,13 +9092,9 @@ const char *ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str return(ndpi_str->custom_category_labels[3]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: return(ndpi_str->custom_category_labels[4]); - case NDPI_PROTOCOL_NUM_CATEGORIES: - return("Code should not use this internal constant"); - default: - return("Unspecified"); } - } else - return(categories[category]); + } + return(categories[category]); } /* ****************************************************** */ @@ -10178,7 +10174,7 @@ u_int8_t ends_with(struct ndpi_detection_module_struct *ndpi_struct, /* ******************************************************************** */ static int ndpi_is_trigram_char(char c) { - if(isdigit(c) || (c == '.') || (c == '-')) + if(ndpi_isdigit(c) || (c == '.') || (c == '-')) return(0); else return(1); @@ -10242,7 +10238,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_match_string_subprotocol(ndpi_str, name, strlen(name), &ret_match) > 0) return(0); /* Ignore DGA for known domain names */ - if(isdigit((int)name[0])) { + if(ndpi_isdigit(name[0])) { struct in_addr ip_addr; ip_addr.s_addr = inet_addr(name); @@ -10278,7 +10274,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if(tmp[j] == '.') { num_dots++; } else if(num_dots == 0) { - if(!isdigit((int)tmp[j])) + if(!ndpi_isdigit(tmp[j])) first_element_is_numeric = 0; } @@ -10291,10 +10287,10 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, } else num_char_repetitions = 1, last_char = tmp[j]; - if(isdigit((int)tmp[j])) { + if(ndpi_isdigit(tmp[j])) { num_digits++; - if(((j+2)<(u_int)len) && isdigit((int)tmp[j+1]) && (tmp[j+2] == '.')) { + if(((j+2)<(u_int)len) && ndpi_isdigit(tmp[j+1]) && (tmp[j+2] == '.')) { /* Check if there are too many digits */ if(num_digits < 4) return(0); /* Double digits */ @@ -10393,7 +10389,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, trigram_char_skip = 0; for(i = 0; word[i+1] != '\0'; i++) { - if(isdigit((int)word[i])) + if(ndpi_isdigit(word[i])) num_consecutive_digits++; else { if((num_word == 1) && (num_consecutive_digits > max_num_consecutive_digits_first_word)) diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c index e8cdf5c88..639703f7e 100644 --- a/src/lib/ndpi_serializer.c +++ b/src/lib/ndpi_serializer.c @@ -74,7 +74,7 @@ static int ndpi_is_number(const char *str, u_int32_t str_len) { unsigned int i; for(i = 0; i < str_len; i++) - if(!isdigit((int)str[i])) return(0); + if(!ndpi_isdigit(str[i])) return(0); return(1); } diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 67b2d92e8..3c37f7f5e 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -696,7 +696,7 @@ static inline int ndpi_is_other_char(char c) { /* ******************************************************************** */ static int _ndpi_is_valid_char(char c) { - if(ispunct(c) && (!ndpi_is_other_char(c))) + if(ndpi_ispunct(c) && (!ndpi_is_other_char(c))) return(0); else return(ndpi_isdigit(c) @@ -722,7 +722,7 @@ static int ndpi_find_non_eng_bigrams(struct ndpi_detection_module_struct *ndpi_s char *str) { char s[3]; - if((isdigit((int)str[0]) && isdigit((int)str[1])) + if((ndpi_isdigit(str[0]) && ndpi_isdigit(str[1])) || ndpi_is_other_char(str[0]) || ndpi_is_other_char(str[1]) ) @@ -741,7 +741,7 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st char *buffer, u_int buffer_size, u_int8_t min_string_match_len, char *outbuf, u_int outbuf_len) { - u_int ret = 0, i = 0, do_cr = 0, len = 0, o_idx = 0, being_o_idx = 0; + u_int ret = 0, i, do_cr = 0, len = 0, o_idx = 0, being_o_idx = 0; if(buffer_size <= 0) return(0); @@ -768,7 +768,7 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st len += 1; } - // printf("->> %c%c\n", isprint(buffer[i]) ? buffer[i] : '.', isprint(buffer[i+1]) ? buffer[i+1] : '.'); + // printf("->> %c%c\n", ndpi_isprint(buffer[i]) ? buffer[i] : '.', ndpi_isprint(buffer[i+1]) ? buffer[i+1] : '.'); if(do_cr) { if(len > min_string_match_len) ret = 1; diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index c70e2a478..cfc70f451 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -60,7 +60,7 @@ static void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks */ - if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 + if (packet->payload_packet_len < 100 && memcmp(packet->payload, "<<<check_mk>>>", 14) == 0) { NDPI_LOG_DBG(ndpi_struct, "Check_MK: Flow detected.\n"); diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 547da36c5..8bef69461 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -253,7 +253,7 @@ static u_int8_t ndpi_grab_dns_name(struct ndpi_packet_struct *packet, hostname_is_valid = 0; - if (isprint(c) == 0) { + if (ndpi_isprint(c) == 0) { _hostname[j++] = '?'; } else { _hostname[j++] = '_'; diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 7943c1b15..b0bbd30ca 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -122,7 +122,7 @@ static int ndpi_search_http_tcp_again(struct ndpi_detection_module_struct *ndpi_ /* *********************************************** */ static int ndpi_http_is_print(char c) { - if(isprint(c) || (c == '\t') || (c == '\r') || (c == '\n')) + if(ndpi_isprint(c) || (c == '\t') || (c == '\r') || (c == '\n')) return(1); else return(0); @@ -568,11 +568,11 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru * We assume at least one non alpha char. * e.g. ' ', '-' or ';' ... */ - if (isalpha(ua[i]) == 0) + if (ndpi_isalpha(ua[i]) == 0) { break; } - if (isupper(ua[i]) != 0) + if (isupper((unsigned char)ua[i]) != 0) { upper_case_count++; } @@ -771,7 +771,7 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str char buf[16] = { '\0' }; for(i=off, j=0; (i<server_len) && (j<sizeof(buf)-1) - && (isdigit(server[i]) || (server[i] == '.')); i++) + && (ndpi_isdigit(server[i]) || (server[i] == '.')); i++) buf[j++] = server[i]; if(sscanf(buf, "%d.%d.%d", &a, &b, &c) == 3) { @@ -790,7 +790,7 @@ static void ndpi_check_http_server(struct ndpi_detection_module_struct *ndpi_str /* Check server content */ for(i=0; i<server_len; i++) { - if(!isprint(server[i])) { + if(!ndpi_isprint(server[i])) { ndpi_set_risk(ndpi_struct, flow, NDPI_HTTP_SUSPICIOUS_HEADER, "Suspicious Agent"); break; } @@ -816,7 +816,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ && (packet->host_line.len > 0)) { int len = packet->http_url_name.len + packet->host_line.len + 1; - if(isdigit(packet->host_line.ptr[0]) + if(ndpi_isdigit(packet->host_line.ptr[0]) && (packet->host_line.len < 21)) ndpi_check_numeric_ip(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len); diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index ae09493b9..7ff120982 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -487,7 +487,7 @@ static void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struc name_offset += 1; if(name_offset < packet->payload_packet_len - 1 && - isprint(packet->payload[name_offset+1]) == 0) /* Isn't printable ? */ + ndpi_isprint(packet->payload[name_offset+1]) == 0) /* Isn't printable ? */ { name_offset++; } diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index b6eff8c4c..c88844a09 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -180,18 +180,12 @@ static void ndpi_search_mqtt(struct ndpi_detection_module_struct *ndpi_struct, if (pt == PUBLISH) { // payload CAN be zero bytes length (section 3.3.3 of MQTT standard) u_int8_t qos = (u_int8_t) (flags & 0x06); - u_int8_t retain = (u_int8_t) (flags & 0x01); u_int8_t dup = (u_int8_t) (flags & 0x04); if (qos > 2) { // qos values possible are 0,1,2 NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - if (retain > 1) { // retain flag possible 0,1 - NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH retain\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); - return; - } if (dup > 1) { // dup flag possible 0,1 NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH dup\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); diff --git a/src/lib/protocols/protobuf.c b/src/lib/protocols/protobuf.c index 2ba63670d..003cc2fad 100644 --- a/src/lib/protocols/protobuf.c +++ b/src/lib/protocols/protobuf.c @@ -92,11 +92,6 @@ protobuf_dissect_varint(struct ndpi_packet_struct const * const packet, } } - if (i == 10) - { - return -1; - } - *offset += i + 1; return 0; } diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index f6194c2f7..2f3e37f72 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -56,8 +56,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, flow, - packet->iph ? packet->iph->protocol : - packet->iphv6->ip6_hdr.ip6_un1_nxt, + flow->l4_proto, ntohl(packet->iph->saddr), ntohl(packet->iph->daddr)); diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index 6d457d45f..8c9d18866 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -75,7 +75,7 @@ static void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struc u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); if(is_telegram_port_range(sport) || is_telegram_port_range(dport)) { - u_int i=0, found = 0; + u_int i, found = 0; for(i=0; i<packet->payload_packet_len; i++) { if(packet->payload[i] == 0xFF) { diff --git a/src/lib/third_party/src/gcrypt_light.c b/src/lib/third_party/src/gcrypt_light.c index b952fa695..d05d6679a 100644 --- a/src/lib/third_party/src/gcrypt_light.c +++ b/src/lib/third_party/src/gcrypt_light.c @@ -344,8 +344,14 @@ static gcry_error_t _gcry_cipher_crypt (gcry_cipher_hd_t h, src ? src:(const unsigned char *)in, (unsigned char *)out); break; case GCRY_CIPHER_MODE_GCM: - if(encrypt) return MBEDTLS_ERR_GCM_NOT_SUPPORT; - if(!( h->s_key && h->s_auth && h->s_iv && !h->s_crypt_ok)) return MBEDTLS_ERR_GCM_MISSING_KEY; + if(encrypt) { + ndpi_free(src); + return MBEDTLS_ERR_GCM_NOT_SUPPORT; + } + if(!( h->s_key && h->s_auth && h->s_iv && !h->s_crypt_ok)) { + ndpi_free(src); + return MBEDTLS_ERR_GCM_MISSING_KEY; + } h->taglen = 16; rv = mbedtls_gcm_crypt_and_tag(h->ctx.gcm, MBEDTLS_GCM_DECRYPT, diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index 996af7e88..cf1eef229 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -40,7 +40,6 @@ */ #include <assert.h> /* assert */ -#include <ctype.h> /* isdigit */ #include <errno.h> /* errno */ #include <math.h> /* sin */ #include <stddef.h> /* NULL */ @@ -76,8 +75,6 @@ static u_char* ndpi_prefix_tochar (ndpi_prefix_t * prefix) if(family == AF_INET) return ((u_char *) & prefix->add.sin); else if(family == AF_INET6) return ((u_char *) & prefix->add.sin6); else /* if(family == AF_MAC) */ return ((u_char *) & prefix->add.mac); - - return ((u_char *) & prefix->add.sin); } static int ndpi_comp_with_mask (void *addr, void *dest, u_int mask) { @@ -103,7 +100,7 @@ static int ndpi_my_inet_pton (int af, const char *src, void *dst) int c, val; c = *src++; - if(!isdigit (c)) + if(!ndpi_isdigit (c)) return (-1); val = 0; do { @@ -111,7 +108,7 @@ static int ndpi_my_inet_pton (int af, const char *src, void *dst) if(val > 255) return (0); c = *src++; - } while (c && isdigit (c)); + } while (c && ndpi_isdigit (c)); xp[i] = (u_char)val; if(c == '\0') break; diff --git a/src/lib/third_party/src/strptime.c b/src/lib/third_party/src/strptime.c index e1c740456..f9bc708e1 100644 --- a/src/lib/third_party/src/strptime.c +++ b/src/lib/third_party/src/strptime.c @@ -130,8 +130,8 @@ strptime(const char* buf, const char* fmt, struct tm* tm) alt_format = 0; /* Eat up white-space. */ - if (isspace(c)) { - while (isspace(*bp)) + if (ndpi_isspace(c)) { + while (ndpi_isspace(*bp)) bp++; fmt++; @@ -397,7 +397,7 @@ strptime(const char* buf, const char* fmt, struct tm* tm) case 'n': /* Any kind of white-space. */ case 't': LEGAL_ALT(0); - while (isspace(*bp)) + while (ndpi_isspace(*bp)) bp++; break; @@ -437,4 +437,4 @@ conv_num(const char** buf, int* dest, int llim, int ulim) return (1); } -#endif
\ No newline at end of file +#endif diff --git a/utils/check_symbols.sh b/utils/check_symbols.sh index 1f45718f1..d24de16c1 100755 --- a/utils/check_symbols.sh +++ b/utils/check_symbols.sh @@ -19,7 +19,7 @@ for line in `nm -P -u "${NDPI_LIB}"`; do fi #printf '%s\n' "${line}" - FOUND_SYMBOL="$(printf '%s' "${line}" | grep '^\(malloc\|calloc\|realloc\|free\|printf\|fprintf\)$' || true)" + FOUND_SYMBOL="$(printf '%s' "${line}" | grep '^\(malloc\|calloc\|realloc\|free\|printf\|fprintf\|isdigit\|isalpha\|isalnum\|isspace\|isprint\|ispunct\)$' || true)" if [ ! -z "${FOUND_SYMBOL}" ]; then SKIP=0 @@ -60,6 +60,6 @@ done printf 'Unwanted symbols found: %s\n' "${FAIL_COUNT}" if [ ${FAIL_COUNT} -gt 0 ]; then - printf '%s\n' 'Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free wrapper instead of malloc/calloc/realloc/free' + printf '%s\n' 'Please make sure to use only ndpi_malloc/ndpi_calloc/ndpi_realloc/ndpi_free/ndpi_isdigit/ndpi_isalpha/ndpi_isalnum/ndpi_isspace/ndpi_isprint/ndpi_ispunct wrapper instead of malloc/calloc/realloc/free/isdigit/isalpha/isalnum/isspace/isprint/ispunct' fi exit ${FAIL_COUNT} |