author | Toni Uhlig <matzeton@googlemail.com> | 2020-07-11 00:50:00 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2020-07-11 01:05:39 +0200 |
commit | 23c07215388f6d5a2ee3a0e3b63fba92e2cbb085 (patch) | |
tree | e87c1158a1e05fee04831b830263545c98af5e50 /src/lib/ndpi_utils.c | |
parent | 12abcd516b468f6e0070308fa57052b93aa3a3ca (diff) |
Fixed race condition in ndpi_ssl_version2str() caused by static qualifier in the version string buffer.
* also added the GREASE values for supported TLS versions, as specified in
https://tools.ietf.org/html/draft-davidben-tls-grease-01#page-4
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r-- | src/lib/ndpi_utils.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 708ac38a0..50cf1099f 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -714,9 +714,8 @@ int ndpi_has_human_readeable_string(struct ndpi_detection_module_struct *ndpi_st
 /* ********************************** */
-char* ndpi_ssl_version2str(u_int16_t version, u_int8_t *unknown_tls_version) {
- static char v[12];
-
+char* ndpi_ssl_version2str(struct ndpi_flow_struct *flow,
+ u_int16_t version, u_int8_t *unknown_tls_version) {
 *unknown_tls_version = 0;
 switch(version) {
@@ -728,15 +727,32 @@ char* ndpi_ssl_version2str(u_int16_t version, u_int8_t *unknown_tls_version) {
 case 0XFB1A: return("TLSv1.3 (Fizz)"); /* https://engineering.fb.com/security/fizz/ */
 case 0XFEFF: return("DTLSv1.0");
 case 0XFEFD: return("DTLSv1.2");
+ case 0x0A0A:
+ case 0x1A1A:
+ case 0x2A2A:
+ case 0x3A3A:
+ case 0x4A4A:
+ case 0x5A5A:
+ case 0x6A6A:
+ case 0x7A7A:
+ case 0x8A8A:
+ case 0x9A9A:
+ case 0xAAAA:
+ case 0xBABA:
+ case 0xCACA:
+ case 0xDADA:
+ case 0xEAEA:
+ case 0xFAFA: return("GREASE");
 }
 if((version >= 0x7f00) && (version <= 0x7fff)) return("TLSv1.3 (draft)");
 *unknown_tls_version = 1;
- snprintf(v, sizeof(v), "TLS (%04X)", version);
+ snprintf(flow->protos.stun_ssl.ssl.ssl_version_str,
+ sizeof(flow->protos.stun_ssl.ssl.ssl_version_str), "TLS (%04X)", version);
- return(v);
+ return(flow->protos.stun_ssl.ssl.ssl_version_str);
 }
 /* ***************************************************** */
@@ -1066,7 +1082,7 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
 struct tm a, b, *before = NULL, *after = NULL;
 u_int i, off;
 u_int8_t unknown_tls_version;
- char *version = ndpi_ssl_version2str(flow->protos.stun_ssl.ssl.ssl_version, &unknown_tls_version);
+ char *version = ndpi_ssl_version2str(flow, flow->protos.stun_ssl.ssl.ssl_version, &unknown_tls_version);
 if(flow->protos.stun_ssl.ssl.notBefore) before = gmtime_r((const time_t *)&flow->protos.stun_ssl.ssl.notBefore, &a); |
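Review bot: The return value of `ndpi_ssl_version2str()` now points either at a string literal or at storage inside `flow`, and nothing at the new signature in the first hunk tells callers so. I would add a header comment above the function, for example `/* Returns a string literal or flow->protos.stun_ssl.ssl.ssl_version_str: do not modify or free it, and do not use it after the flow is released or after the next call on the same flow. */`. The new `flow` argument is also dereferenced on the unknown-version path (the `snprintf` in the following hunk) with no NULL check, so a caller without a flow cannot pass NULL safely; either guard it or state the non-NULL requirement in the same comment. The function body continues outside this hunk.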
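Review bot: The sixteen GREASE cases in the second hunk return `"GREASE"` while `*unknown_tls_version` stays 0, so a GREASE code point is reported as a known version and the actual value is dropped from the output. That is reasonable for values a client merely offers, but a GREASE value must never be the negotiated version; if `ssl_version` can be filled from the server side (not visible in this diff), these cases should set `*unknown_tls_version = 1` or a dedicated flag so downstream detection can surface the anomaly. Separately, `sizeof(flow->protos.stun_ssl.ssl.ssl_version_str)` bounds the write only if that field is declared as an array of at least 11 bytes (the removed buffer was `char v[12]`). Its declaration lives outside this diff and the `snprintf` result is not checked for truncation, so please confirm the field size.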