Merge pull request #3 from ntop/dev

update to latest
author: dillinger79 <dxnanos@gmail.com> 2018-03-01 14:13:50 +0200
committer: GitHub <noreply@github.com> 2018-03-01 14:13:50 +0200
commit: b19cd086b41ed17217537664b10b29a7055e3f72 (patch)
tree: 9eb61225d2b9f2962f553888cdc1cbe86b93396d /src/lib/protocols/dhcp.c
parent: 9f8fedb3b1f3e1a380baf1600a12096aaf2e2953 (diff)
parent: e935ee77bf1802f2bf47afd5d7a27eb1b5116c47 (diff)
1 files changed, 57 insertions, 29 deletions
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index f597d6ced..02ce00f25 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -18,11 +18,14 @@
  *
  */
 
-
-#include "ndpi_protocols.h"
+#include "ndpi_protocol_ids.h"
 
 #ifdef NDPI_PROTOCOL_DHCP
 
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP
+
+#include "ndpi_api.h"
+
 /* freeradius/src/lib/dhcp.c */
 #define DHCP_CHADDR_LEN	16
 #define DHCP_SNAME_LEN	64
@@ -61,8 +64,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
 {
   struct ndpi_packet_struct *packet = &flow->packet;
 
-  //      struct ndpi_id_struct         *src=ndpi_struct->src;
-  //      struct ndpi_id_struct         *dst=ndpi_struct->dst;
+  NDPI_LOG_DBG(ndpi_struct, "search DHCP\n");
 
   /* this detection also works for asymmetric dhcp traffic */
 
@@ -70,55 +72,81 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
   if(packet->udp) {
     dhcp_packet_t *dhcp = (dhcp_packet_t*)packet->payload;
 
-    if((packet->payload_packet_len >= 244)
+    if((packet->payload_packet_len >= 244 /* 244 is the offset of options[0] in dhcp_packet_t */)
        && (packet->udp->source == htons(67) || packet->udp->source == htons(68))
        && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68))
        && (dhcp->magic == htonl(DHCP_OPTION_MAGIC_NUMBER))) {
-      int i = 0, foundValidMsgType = 0;
+      u_int i = 0, foundValidMsgType = 0;
 
-      while(i < DHCP_VEND_LEN) {
+      u_int dhcp_options_size = ndpi_min(DHCP_VEND_LEN /* maximum size of options in dhcp_packet_t */,
+					 packet->payload_packet_len - 244);
+
+      while(i + 1 /* for the len */ < dhcp_options_size) {
 	u_int8_t id  = dhcp->options[i];
-	u_int8_t len = dhcp->options[i+1];
 
-	if(len == 0) break;
-	
+	if(id == 0xFF)
+	  break;
+	else {
+	  /* Prevent malformed packets to cause out-of-bounds accesses */
+	  u_int8_t len = ndpi_min(dhcp->options[i+1] /* len as found in the packet */,
+				  dhcp_options_size - (i+2) /* 1 for the type and 1 for the value */);
+
+	  if(len == 0) break;
+
 #ifdef DHCP_DEBUG
-	printf("[DHCP] Id=%d [len=%d]\n", id, len);
+	  NDPI_LOG_DBG2(ndpi_struct, "[DHCP] Id=%d [len=%d]\n", id, len);
 #endif
-	
-	if(id == 53 /* DHCP Message Type */) {
-	  u_int8_t msg_type = dhcp->options[i+2];
 
-	  if(msg_type <= 8) foundValidMsgType = 1;
-	} else if(id == 12 /* Host Name */) {
-	  char *name = (char*)&dhcp->options[i+2];
-	  int j = 0;
+	  if(id == 53 /* DHCP Message Type */) {
+	    u_int8_t msg_type = dhcp->options[i+2];
+
+	    if(msg_type <= 8) foundValidMsgType = 1;
+	  } else if(id == 55 /* Parameter Request List / Fingerprint */) {
+	    u_int idx, offset = 0;
+
+	    for(idx = 0; idx < len && offset < sizeof(flow->protos.dhcp.fingerprint) - 2; idx++) {
+	      snprintf((char*)&flow->protos.dhcp.fingerprint[offset],
+		       sizeof(flow->protos.dhcp.fingerprint) - offset,
+		       "%02X", dhcp->options[i+2+idx] & 0xFF);
+	      offset += 2;
+	    }
+	    flow->protos.dhcp.fingerprint[sizeof(flow->protos.dhcp.fingerprint) - 1] = '\0';
+
+	  } else if(id == 60 /* Class Identifier */) {
+	    char *name = (char*)&dhcp->options[i+2];
+	    int j = 0;
+
+	    j = ndpi_min(len, sizeof(flow->protos.dhcp.class_ident)-1);
+	    strncpy((char*)flow->protos.dhcp.class_ident, name, j);
+	    flow->protos.dhcp.class_ident[j] = '\0';
+	  } else if(id == 12 /* Host Name */) {
+	    char *name = (char*)&dhcp->options[i+2];
+	    int j = 0;
 
 #ifdef DHCP_DEBUG
-	  printf("[DHCP] ");
-	  while(j < len) { printf("%c", name[j]); j++; }
-	  printf("\n");
+	    NDPI_LOG_DBG2(ndpi_struct, "[DHCP] '%.*s'\n",name,len);
+//	    while(j < len) { printf( "%c", name[j]); j++; }; printf("\n");
 #endif
-	  j = ndpi_min(len, sizeof(flow->host_server_name)-1);
-	  strncpy((char*)flow->host_server_name, name, j);
-	  flow->host_server_name[j] = '\0';
-	} else if(id == 0xFF)
-	    break;
+	    j = ndpi_min(len, sizeof(flow->host_server_name)-1);
+	    strncpy((char*)flow->host_server_name, name, j);
+	    flow->host_server_name[j] = '\0';
+	  }
 
-	i += len + 2;
+	  i += len + 2;
+	}
       }
 
       //get_u_int16_t(packet->payload, 240) == htons(0x3501)) {
 
       if(foundValidMsgType) {
-	NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG, "DHCP found\n");
+	NDPI_LOG_INFO(ndpi_struct, "found DHCP\n");
 	ndpi_int_dhcp_add_connection(ndpi_struct, flow);
       }
       return;
     }
   }
 
-  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP);
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 }
author	dillinger79 <dxnanos@gmail.com>	2018-03-01 14:13:50 +0200
committer	GitHub <noreply@github.com>	2018-03-01 14:13:50 +0200
commit	b19cd086b41ed17217537664b10b29a7055e3f72 (patch)
tree	9eb61225d2b9f2962f553888cdc1cbe86b93396d /src/lib/protocols/dhcp.c
parent	9f8fedb3b1f3e1a380baf1600a12096aaf2e2953 (diff)
parent	e935ee77bf1802f2bf47afd5d7a27eb1b5116c47 (diff)