Added detection for WordPress exploits

Fixed ndpi_iph_is_valid_and_not_fragmented() that was bugged with non UDP traffic
author: Luca Deri <deri@ntop.org> 2022-05-29 16:29:51 +0200
committer: Luca Deri <deri@ntop.org> 2022-05-29 16:31:26 +0200
commit: 1093aafa5f81aeb39263bc87dc88327f873341ae (patch)
tree: 08e17a3d1a6138c4ecccc9350014609bdb01fc6c /src/lib/ndpi_main.c
parent: 6b7b23b01d50468263b707abdf79146f1d4c821f (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6fcfbb13f..1a3f0acf6 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4604,12 +4604,17 @@ u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, cons
     1: not fragmented
   */
   //#ifdef REQUIRE_FULL_PACKETS
-  if(ipsize < iph->ihl * 4 || ipsize < ntohs(iph->tot_len) || ntohs(iph->tot_len) < iph->ihl * 4 ||
-     (iph->frag_off & htons(0x1FFF)) != 0) {
-    return(0);
+
+  if(iph->protocol == IPPROTO_UDP) {
+    if((ipsize < iph->ihl * 4)
+       || (ipsize < ntohs(iph->tot_len))
+       || (ntohs(iph->tot_len) < iph->ihl * 4)
+       || (iph->frag_off & htons(0x1FFF)) != 0) {
+      return(0);
+    }
   }
   //#endif
-
+    
   return(1);
 }
author	Luca Deri <deri@ntop.org>	2022-05-29 16:29:51 +0200
committer	Luca Deri <deri@ntop.org>	2022-05-29 16:31:26 +0200
commit	1093aafa5f81aeb39263bc87dc88327f873341ae (patch)
tree	08e17a3d1a6138c4ecccc9350014609bdb01fc6c /src/lib/ndpi_main.c
parent	6b7b23b01d50468263b707abdf79146f1d4c821f (diff)