author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-10-04 19:14:41 +0200 |
---|---|---|
committer | Toni <matzeton@googlemail.com> | 2022-10-04 22:17:05 +0200 |
commit | cca585053e86b70b86c12296531a882847e8dd87 (patch) | |
tree | 745017963364ee83578783974cdecb21cc326ccb | |
parent | 131d53896f41d9be4de77907631bed82d0b79e63 (diff) |
Fix compilation and sync utests results
-rw-r--r-- | example/ndpiReader.c | 2 | ||||
-rw-r--r-- | fuzz/fuzz_ndpi_reader.c | 1 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 4 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/http.c | 8 | ||||
-rw-r--r-- | tests/result/WebattackRCE.pcap.out | 4 |
6 files changed, 12 insertions, 9 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 19136091d..8439c410c 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1692,7 +1692,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 for(i=0; i<flow->flow_payload_len; i++)
 printf("%c", isspace(flow->flow_payload[i]) ? '.' : flow->flow_payload[i]);
- printf("]");
+ printf("]");
 }
 fprintf(out, "\n");
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index a85aa574c..084e49c19 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -17,6 +17,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
 u_int8_t enable_flow_stats = 0;
 u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus;
 int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
 FILE * fd;
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index a8b270b6d..b0bff8bb1 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1572,8 +1572,8 @@ struct ndpi_flow_struct {
 _Static_assert(sizeof(((struct ndpi_flow_struct *)0)->protos) <= 200,
 "Size of the struct member protocols increased to more than 200 bytes, "
 "please check if this change is necessary.");
-_Static_assert(sizeof(struct ndpi_flow_struct) <= 904,
- "Size of the flow struct increased to more than 904 bytes, "
+_Static_assert(sizeof(struct ndpi_flow_struct) <= 920,
+ "Size of the flow struct increased to more than 920 bytes, "
 "please check if this change is necessary.");
 #endif
 #endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index dca58a29a..6061d6419 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
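Review bot: The new `init_prefs` definition in fuzz/fuzz_ndpi_reader.c has no comment saying why the fuzzer opts into these two preferences. If payload tracking is now opt-in, as the ndpi_main.c change in this commit suggests, the harness reaches the `flow_payload` code only while `ndpi_track_flow_payload` is set, and a later cleanup could drop that coverage unnoticed. I would add `/* keep flow-payload tracking and JA3+ enabled so the fuzzer exercises those paths */` above the declaration.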
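Review bot: The `_Static_assert` on `sizeof(struct ndpi_flow_struct)` is raised from 904 to 920 without recording which member accounts for the extra 16 bytes, although the assert's own message asks for exactly that check. The growth itself is outside this hunk, so it cannot be confirmed here. This struct is presumably allocated once per tracked flow, so any growth is multiplied by the size of the flow table. A short comment above the assert, e.g. `/* 920: room for <MEMBER_NAME_PLACEHOLDER> added in <COMMIT_ID_PLACEHOLDER> */`, would keep the guard meaningful.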
@@ -5277,7 +5277,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
 const struct ndpi_tcphdr *tcph = packet->tcp;
 const struct ndpi_udphdr *udph = packet->udp;
- if(packet->payload_packet_len > 0) {
+ if(ndpi_str->max_payload_track_len > 0 && packet->payload_packet_len > 0) {
 /* printf("LEN: %u [%s]\n", packet->payload_packet_len, packet->payload); */
 if(flow->flow_payload == NULL)
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 9e6def210..80c4c8041 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -659,7 +659,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 flow->http.url = ndpi_malloc(len);
 if(flow->http.url) {
- u_int offset = 0;
+ u_int offset = 0, host_end = 0;
 if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP_CONNECT) {
 strncpy(flow->http.url, (char*)packet->http_url_name.ptr,
@@ -668,8 +668,10 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 flow->http.url[packet->http_url_name.len] = '\0';
 } else {
 /* Check if we pass through a proxy (usually there is also the Via: ... header) */
- if(strncmp((char*)packet->http_url_name.ptr, "http://", 7) != 0)
+ if(strncmp((char*)packet->http_url_name.ptr, "http://", 7) != 0) {
 strncpy(flow->http.url, (char*)packet->host_line.ptr, offset = packet->host_line.len);
+ host_end = packet->host_line.len;
+ }
 if((packet->host_line.len == packet->http_url_name.len) && (strncmp((char*)packet->host_line.ptr,
@@ -684,7 +686,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
 flow->http.url[offset] = '\0';
 }
- ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]);
+ ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[host_end]);
 }
 flow->http.method = ndpi_http_str2method((const char*)packet->http_method.ptr,
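Review bot: The added `ndpi_str->max_payload_track_len > 0` test in ndpi_connection_tracking() relies on zero meaning that payload tracking is disabled, but nothing at the condition says so. The allocation and copy into `flow->flow_payload` lie below the last line of this hunk, so whether the copy is clamped to `max_payload_track_len` cannot be checked from here. That bound matters because `packet->payload_packet_len` is taken from the wire. I would add `/* max_payload_track_len == 0: payload tracking is off, never allocate flow_payload */` above the `if`.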
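Review bot: In the second http.c hunk `host_end` is set on its own line right after a `strncpy()` call that assigns `offset` inside its argument list, so one length is stored twice in two styles and the role of `host_end` is never stated. It stays 0 for CONNECT and for absolute `http://` request targets, so in those cases the `ndpi_check_http_url()` call in the third hunk now receives the whole string, scheme and host included. Whether that function expects only the path is not visible here and should be confirmed against the RCE/WebShell test captures. I would write `offset = host_end = packet->host_line.len;` before the copy, pass `offset` to `strncpy()`, and document the declaration as `u_int offset = 0, host_end = 0; /* host_end: start of the request target within url, 0 if Host was not prepended */`. The function body starts and ends outside these hunks.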
diff --git a/tests/result/WebattackRCE.pcap.out b/tests/result/WebattackRCE.pcap.out
index f358a5195..04a93fc5a 100644
--- a/tests/result/WebattackRCE.pcap.out
+++ b/tests/result/WebattackRCE.pcap.out
@@ -117,8 +117,8 @@ HTTP 797 191003 797 94 TCP 127.0.0.1:51200 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/333 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType11][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007188)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 95 TCP 127.0.0.1:51188 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/CoordinatorPortType][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007182)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 96 TCP 127.0.0.1:51192 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/331 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/wls-wsat/ParticipantPortType][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007184)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server 
to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /wls)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 97 TCP 127.0.0.1:51186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/326 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat%20/etc/passwd][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007084)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 98 TCP 127.0.0.1:51204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/323 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat+/etc/hosts][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007235)][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 70][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 97 TCP 127.0.0.1:51186 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/326 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat%20/etc/passwd][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) 
(Test:007084)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 98 TCP 127.0.0.1:51204 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/323 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/shell?cat+/etc/hosts][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007235)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / Possible WebShell detected / Expected on port 80][PLAIN TEXT (GET /shell)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 TCP 127.0.0.1:51008 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/community/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /community/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 100 TCP 127.0.0.1:51012 -> 127.0.0.1:8080 
[proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/316 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/vbulletin/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003040)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /vbulletin/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 101 TCP 127.0.0.1:51004 -> 127.0.0.1:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][1 pkts/314 bytes -> 0 pkts/0 bytes][Goodput ratio: 79/0][< 1 sec][Hostname/SNI: 127.0.0.1][URL: 127.0.0.1/htforum/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22][StatusCode: 0][User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:003039)][Risk: ** RCE Injection **** Known Proto on Non Std Port **** HTTP Numeric IP Address **** Unidirectional Traffic **][Risk Score: 320][Risk Info: No server to client traffic / Found host 127.0.0.1 / Expected on port 80][PLAIN TEXT (GET /htforum/calendar.php)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |