authoremanuele-f <faranda@ntop.org>2020-01-02 14:39:51 +0100
committeremanuele-f <faranda@ntop.org>2020-01-02 14:39:51 +0100
commit798bb6e2e113f10d9b710179553e4cef23222a61 (patch)
treee200ef28aca2890291a3a3657a7c1ee3bf20596f
parent2332cbfefec9a64c77e5c30530f0e397a1388470 (diff)
Fix leaks and sha1 certificate detection
-rw-r--r--example/ndpiReader.c6
-rw-r--r--example/reader_util.c6
-rw-r--r--example/reader_util.h1
-rw-r--r--src/lib/ndpi_main.c15
-rw-r--r--src/lib/protocols/tls.c4
5 files changed, 18 insertions, 14 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index c88df245a..15e4d1016 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1224,11 +1224,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS)
|| (flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS)) {
- if((flow->ssh_tls.sha1_cert_fingerprint[0] == 0)
- && (flow->ssh_tls.sha1_cert_fingerprint[1] == 0)
- && (flow->ssh_tls.sha1_cert_fingerprint[2] == 0))
- ; /* Looks empty */
- else {
+ if(flow->ssh_tls.sha1_cert_fingerprint_set) {
fprintf(out, "[Certificate SHA-1: ");
for(i=0; i<20; i++)
fprintf(out, "%s%02X", (i > 0) ? ":" : "",
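Review bot: The print loop in printFlow still hard-codes the digest length as `20`, and the `memcpy` in the reader_util.c hunk of this commit does the same, while reader_util.h declares the array as `sha1_cert_fingerprint[20]`. If that declaration changes, the copy and the loop fall out of step with the buffer without any compiler diagnostic. Taking both bounds from the field, `sizeof(flow->ssh_tls.sha1_cert_fingerprint)`, as the loop limit here and as the memcpy length there, keeps them tied to the declaration. The fprintf statement and the rest of printFlow continue outside the hunk.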
diff --git a/example/reader_util.c b/example/reader_util.c
index 79104ea91..b8fce9632 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1049,8 +1049,12 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server);
flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher;
flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher;
- memcpy(flow->ssh_tls.sha1_cert_fingerprint,
+
+ if(flow->ndpi_flow->l4.tcp.tls.fingerprint_set) {
+ memcpy(flow->ssh_tls.sha1_cert_fingerprint,
flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20);
+ flow->ssh_tls.sha1_cert_fingerprint_set = 1;
+ }
}
if(flow->detection_completed && (!flow->check_extra_packets)) {
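Review bot: The new guard reads `flow->ndpi_flow->l4.tcp.tls.fingerprint_set` without checking that the flow is TCP, whereas the ndpi_free_flow hunk in this same commit tests `flow->l4_proto == IPPROTO_TCP` before touching `l4.tcp.tls`. If `l4` overlays TCP and UDP state (its definition is not visible here), a non-TCP flow reaching this branch would have unrelated bytes read as the flag and as the fingerprint. Unless the enclosing condition, which starts outside the hunk, already restricts this to TCP, consider `if((flow->ndpi_flow->l4_proto == IPPROTO_TCP) && flow->ndpi_flow->l4.tcp.tls.fingerprint_set) {`. The same question applies to the unguarded free of `l4.tcp.tls.message.buffer` in the ndpi_init_packet_header hunk.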
diff --git a/example/reader_util.h b/example/reader_util.h
index 6fd1880e5..55c260a54 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -200,6 +200,7 @@ typedef struct ndpi_flow_info {
server_organization[64],
ja3_client[33], ja3_server[33],
sha1_cert_fingerprint[20];
+ u_int8_t sha1_cert_fingerprint_set;
time_t notBefore, notAfter;
u_int16_t server_cipher;
ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 7ad648ee6..9296d10a2 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3835,12 +3835,10 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
u_int8_t backup;
u_int16_t backup1, backup2;
- if(flow->http.url) ndpi_free(flow->http.url);
- if(flow->http.content_type) ndpi_free(flow->http.content_type);
- if(flow->http.user_agent) ndpi_free(flow->http.user_agent);
-
- if(flow->l4.tcp.tls.message.buffer)
- ndpi_free(flow->l4.tcp.tls.message.buffer);
+ if(flow->http.url) ndpi_free(flow->http.url), flow->http.url = NULL;
+ if(flow->http.content_type) ndpi_free(flow->http.content_type), flow->http.content_type = NULL;
+ if(flow->http.user_agent) ndpi_free(flow->http.user_agent), flow->http.user_agent = NULL;
+ if(flow->l4.tcp.tls.message.buffer) ndpi_free(flow->l4.tcp.tls.message.buffer), flow->l4.tcp.tls.message.buffer = NULL;
backup = flow->num_processed_pkts;
backup1 = flow->guessed_protocol_id;
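Review bot: The four rewritten lines in ndpi_init_packet_header join the free and the pointer reset with the comma operator inside an unbraced `if`, which is easy to misread. A later edit that turns the comma into a semicolon would silently move the reset out of the condition. A braced form reads unambiguously, for example `if(flow->http.url) { ndpi_free(flow->http.url); flow->http.url = NULL; }`, repeated for `content_type`, `user_agent` and `l4.tcp.tls.message.buffer`. The function body starts and continues outside the hunk.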
@@ -6426,6 +6424,11 @@ void ndpi_free_flow(struct ndpi_flow_struct *flow) {
ndpi_free(flow->l4.tcp.tls.srv_cert_fingerprint_ctx);
}
+ if(flow->l4_proto == IPPROTO_TCP) {
+ if(flow->l4.tcp.tls.message.buffer)
+ ndpi_free(flow->l4.tcp.tls.message.buffer);
+ }
+
ndpi_free(flow);
}
}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 88bfa7590..655de7e2f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -394,7 +394,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
flow->protos.stun_ssl.ssl.server_names = newstr;
flow->protos.stun_ssl.ssl.server_names[flow->protos.stun_ssl.ssl.server_names_len] = ',';
strncpy(&flow->protos.stun_ssl.ssl.server_names[flow->protos.stun_ssl.ssl.server_names_len+1],
- dNSName, dNSName_len-1);
+ dNSName, dNSName_len+1);
flow->protos.stun_ssl.ssl.server_names[newstr_len] = '\0';
flow->protos.stun_ssl.ssl.server_names_len = newstr_len;
}
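Review bot: The `strncpy` bound `dNSName_len+1` is derived from the source string, not from the space left in `newstr`. The copy is therefore only in bounds if the allocation made before this hunk holds at least `server_names_len + dNSName_len + 2` bytes. That allocation is not visible here and should be re-checked against the new bound. Since the terminator is written explicitly on the following line, `memcpy(&flow->protos.stun_ssl.ssl.server_names[flow->protos.stun_ssl.ssl.server_names_len+1], dNSName, dNSName_len);` would copy exactly the name and make the required capacity obvious. The name appears to come from a peer-supplied certificate, so a short comment next to the allocation stating this size invariant would be worth adding.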
@@ -581,7 +581,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
/* Split the element in blocks */
u_int16_t processed = 5;
- while(processed < len) {
+ while((processed+4) < len) {
const u_int8_t *block = (const u_int8_t *)&flow->l4.tcp.tls.message.buffer[processed];
u_int16_t block_len = (block[1] << 16) + (block[2] << 8) + block[3];
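Review bot: `block_len` is declared `u_int16_t` but assembled from three bytes, so the `block[1] << 16` term is discarded on assignment. A handshake block with a non-zero high length byte would then be walked with a shorter length than it declares. Unless code after the hunk rejects `block[1] != 0`, declare it as `u_int32_t block_len` so the full 24-bit value is kept. The new loop guard `(processed+4) < len` only covers the 4-byte block header, so the body also needs a check such as `if(block_len > (u_int32_t)(len - processed - 4)) break;` before the block is parsed. The loop body continues outside the hunk, so that check may already exist there.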